sbommv is the primary tool for transferring SBOMs between systems — designed to fetch SBOMs from input sources, translate and validates them, enrich metadata, and push them to output destinations. At its core, sbommv uses a modular, adapter-based architecture that makes it flexible, scalable, and ready for the future to easily plug in and plug out new systems or platforms.
With its modular architecture, sbommv today supports a range of input and output systems:
Input Systems:
- GitHub (via API, releases, and repository cloning)
- Local Folders
- AWS S3 Buckets (new)
Output Systems:
- Dependency-Track
- Interlynk Platform
- Local Folders
- AWS S3 Buckets (new)
This setup allows SBOMs to move seamlessly across different systems, abstracting away the complexities of each system's internal workings.
SBOM Platform - Interlynk
Our SBOM Automation Platform has a new free tier that provides a comprehensive solution to manage SBOMs (Software Bill of Materials) effortlessly. From centralized SBOM storage, built-in SBOM editor, continuous vulnerability mapping and assessment, and support for organizational policies, all while ensuring compliance and enhancing software supply chain security using integrated SBOM quality scores. The free tier is ideal for small teams. Try now
https://github.com/interlynk-io/sbommv/releasesbrew tap interlynk-io/interlynk
brew install sbommvgo install github.com/interlynk-io/sbommv@latestThis approach involves cloning the repo and building it.
- Clone the repo
git clone [email protected]:interlynk-io/sbommv.git cdintosbommvfolder- make; make build
- To test if the build was successful run the following command
./build/sbommv version
- Fetch/Pull SBOM from Github and save it to a local folder
$ sbommv transfer --input-adapter=github \
--in-github-url="https://github.com/interlynk-io/sbomqs" \
--in-github-method="release" --output-adapter=folder \
--out-folder-path="demo"- Fetch/Pull SBOM from Github and push it to a Dependency-Track
$ sbommv transfer --input-adapter=github \
--in-github-url="https://github.com/interlynk-io/sbommv" \
--output-adapter=dtrack \
--out-dtrack-url="http://localhost:8081"NOTE: Make sure dependency-track is running locally, if not, refer for setup.
If you have found it interesting soo far, you can show your support via starring ⭐ it.
- Get started with sbommv.
- It allows to fetch SBOMs from github API, Github Release Pages, and folder, refer here for more..
- It allows to send SBOMs to Dependency-Track, Interlynk, Folde, refer here for more.
- It allows continous folder monitoring and transferring SBOMs continously by running into daemon mode, refer here for more.
- Internally it uses Protobom library forinter-format conver, read more about it here.
+---------------------+ +------------------------------+ +----------------------+
| Input Adapter | --> | Enrichment/Translation | --> | Output Adapter |
|-------------------- | |------------------------------| |----------------------|
| - GitHub | | - SBOM Translation* | | - Interlynk |
| - BitBucket* | | - Enrichment* | | - Dependency-Track |
| - Dependency-Track*| +------------------------------+ | - Folder |
| - Folder | | - GUAC* |
| - S3* | | - S3* |
+---------------------+ +----------------------+
* Coming Soon
If you are looking to integrate more such systems, raise an issue, would love to add them.
We look forward to your contributions, below are a few guidelines on how to submit them
- Fork the repo
- Create your feature/bug branch (
git checkout -b feature/bug) - Commit your changes (
git commit -aSm "awesome new feature") - commits must be signed - Push your changes (
git push origin feature/new-feature) - Create a new pull-request
- SBOM Quality Score - Quality & Compliance tool
- SBOM Assembler - A tool to compose a single SBOM by combining other SBOMs or parts of them
- SBOM Search Tool - A tool to grep style semantic search in SBOMs
- SBOM Explorer - A tool for discovering and downloading SBOMs from a public repository
We appreciate all feedback. The best ways to get in touch with us:
- ❓&
🅰️ Slack - ☎️ Live Chat
- 📫 Email Us
- 🐛 Report a bug or enhancement
- ❌ Follow us on X
If you like this project, please support us by starring ⭐ it.
