scq

command module
v0.0.0-...-0fdc4c1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 25, 2022 License: Apache-2.0 Imports: 1 Imported by: 0

README

scq

This is a Supply Chain Query tool intended to query datastores containing attestations, SBOMs, and other supply chain metadata and build a graph that can be queried.

This is currently a POC and is being tested by storing attestations in mongodb and thus relies on mongo db for testing.

Right now the way you would test it out is:

go build
./scq test testdata/
cat testdata/foo.json | jq '.subject[0].digest.sha256' | xargs -I{} ./scq graph --hash {} | jq | less

The above commands will store the testdata into mongodb and then generate a graph based on the hash from the foo.json test attestation. It will recursively query the mongodb until it can't find any attestations to follow.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
pkg/test
pkg
graph
record

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.