Secure your software empower your team.
If you'd like to contribute code or documentation, please see CONTRIBUTING.md for guidelines on how to do so.
Please report any issues with the setup process or other problems encountered while using this repository by opening a new issue in this project's GitHub page.
The sbom service creates an inventory of the dependencies found in an application's source code directory.
It is the first stage of the Software Composition Analysis process:

- Identify dependencies (SBOM) (this service)
  - Identify package-managed dependencies
  - Identify self-managed dependencies (script tags, library files, etc.)
- Identify known vulnerable dependencies
- Identify licenses & license compliance
- Compute and verify upgrades to the application
To run this service for development purposes, two parameters must be supplied to the IDE or terminal:

```text
Usage of sbom-js:
  -output-file string
        Absolute Path to the output file (Required)
  -source-code-directory string
        Absolute Path to the source code directory (Required)
```
This software was developed as part of the research project “FNR JUMP SecuBox”, funded by the Luxembourg National Research Fund (FNR), grant number JUMP21/16693582/SecuBox (hereafter the “Project”). The software was developed at the University of Luxembourg (hereafter the “University”) and is subject to its intellectual property policy. Accordingly, the copyright of this software is held by the University of Luxembourg. The development of this software involved contributions from several researchers affiliated with the University during the Project period. Their work was instrumental in achieving the technical and scientific objectives of the Project.