Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 1. Creating a software bill of materials manifest file
Red Hat Trusted Profile Analyzer can analyze both CycloneDX and Software Package Data Exchange (SPDX) SBOM formats by using the JSON file format. Many open source tools are available to you for creating Software Bill of Materials (SBOM) manifest files from container images, or for your application. For this procedure we are going to use the Syft tool.
Currently, Trusted Profile Analyzer only supports CycloneDX version 1.3, 1.4, and 1.5, along with SPDX version 2.2, and 2.3.
Prerequisites
Install Syft for your workstation platform:
Procedure
To create an SBOM by using a container image.
CycloneDX format:
Syntax
syft IMAGE_PATH -o cyclonedx-json@1.5Example
$ syft registry:example.io/hello-world:latest -o cyclonedx-json@1.5SPDX format:
Syntax
syft IMAGE_PATH -o spdx-json@2.3Example
$ syft registry:example.io/hello-world:latest -o spdx-json@2.3NoteSyft supports many types of container image sources. See the official supported source list on Syft’s GitHub site.
To create an SBOM by scanning the local file system.
CycloneDX format:
Syntax
syft dir: DIRECTORY_PATH -o cyclonedx-json@1.5 syft file: FILE_PATH -o cyclonedx-json@1.5Example
$ syft dir:. -o cyclonedx-json@1.5 $ syft file:/example-binary -o cyclonedx-json@1.5SPDX format:
Syntax
syft dir: DIRECTORY_PATH -o spdx-json@2.3 syft file: FILE_PATH -o spdx-json@2.3Example
$ syft dir:. -o spdx-json@2.3 $ syft file:/example-binary -o spdx-json@2.3
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}