sbomnix

A suite of utilities to help with software supply chain challenges on nix targets

7 sbomnix issues

Hello, I'm currently investigating how I could potentially embed SBOMs in OCI containers made with Nix. I would like to use this project which seems quite mature, but I wish...

I.e. it can take `~/.nix-profile/manifest.json` as input. Currently you get:

```
% sbomnix ~/.nix-profile
INFO Evaluating '/Users/arian/.nix-profile'
INFO Try force-realising store-path '/Users/arian/.nix-profile'
INFO Loading runtime dependencies referenced by '/nix/store/pwcgic86vfhhdkpbh03cn7pv7a58vdqh-profile'
CRITICAL...
```

Adds [cve-bin-tool](https://github.com/intel/cve-bin-tool/tree/main) scanner to vulnxscan. Why do we use cve-bin-tool [fork](https://github.com/henrirosten/cve-bin-tool) instead of the [upstream](https://github.com/intel/cve-bin-tool/tree/main) or the [version in nixpkgs](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/security/cve-bin-tool/default.nix)? The main reason is, both the upstream and the nixpkgs...

Dependencies from rust and go projects are missing because they fetch their dependencies directly, so the dependencies are not included in the dependency trees produced by `nix-store --query --graph`, which...

enhancement
help wanted

NVD plans to retire legacy data feeds on 09/2023: https://nvd.nist.gov/products/cpe Currently, sbomnix uses NVD "CPE Dictionary" in mapping the nix packages to CPE identifiers, see: https://github.com/tiiuae/sbomnix/blob/main/scripts/cpedict/update-cpedict.sh and https://github.com/tiiuae/sbomnix/blob/main/sbomnix/cpe.py. We need...

enhancement
help wanted

Change nixgraph (cli) so that it can load an earlier state (sbom?), to allow visualizing and querying the build target graph ‘postmortem’ without having to re-produce the earlier build environment...

enhancement

add tips&tricks markdown page that would include some interesting non-obvious use-cases of sbomnix such as this: https://discourse.nixos.org/t/how-to-get-package-maintainers-of-all-installed-packages/27307/12 and this, that creates a list of fetched urls given a result symlink:...

documentation
enhancement