SBOM-in-a-Box is a unified platform for generating high-fidelity SBOM data. It automates the production, consumption, and utilization of Software Bills of Materials (SBOMs), including conversion between schemas, generation, comparison, and evaluation of SBOM quality.
SBOM-in-a-Box is a plug-and-play environment that supports adding any SBOM tool into the box. Generating SBOMs with multiple tools allows a more complete SBOM to be assembled. The metrics feature also suggests where an attribute could be expressed in a better way. The platform can convert between the SPDX and CycloneDX SBOM schemas and use SBOMs to gain insight into the vulnerabilities of the software they describe. Together these features let developers produce the SBOM that is most relevant to their needs.
Launch the API
docker compose up
Note: launching the backend takes at least 10 minutes, because more than 10 open source tools are included in the image.
Launch the GUI
If making changes to any source code, the Docker image(s) will need to be rebuilt. See Building the Image for detailed instructions. See SBOM-in-a-Box API for detailed API usage.
SBOM-in-a-Box has a number of unique features to support:
Currently, SBOM-in-a-Box supports the following SBOM types:
| Schema | JSON | XML | Tag:Value |
|---|---|---|---|
| SPDX 2.3 | ✅ | ❌ | ✅ |
| CycloneDX 1.4 | ✅ | ✅ | ❌ (CycloneDX has no Tag:Value form) |
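The following Python script is an added example and is not SBOM-in-a-Box project code. It illustrates two of the capabilities described above over the schema/serialization pairs in the table: it sniffs whether an input is SPDX JSON, SPDX Tag:Value, CycloneDX JSON or CycloneDX XML, normalizes each to a set of (name, version) components, then compares two SBOMs (for instance, output from two different generator tools) and runs a simple quality check for components that lack a version. The sample SBOM documents embedded in the script are constructed for the example; the function names are the example's own and the real platform's API differs.

```python
"""Minimal SBOM format sniffing, component extraction and comparison.

Added example; not part of SBOM-in-a-Box. The sample documents below are
constructed for illustration.
"""
import json
import xml.etree.ElementTree as ET

# Namespace used by the CycloneDX 1.4 XML serialization.
CDX_XML_NS = "http://cyclonedx.org/schema/bom/1.4"


def detect_format(text: str):
    """Return (schema, serialization) for a known SBOM format, else None."""
    stripped = text.strip()
    if stripped.startswith("{"):
        try:
            doc = json.loads(stripped)
        except json.JSONDecodeError:
            return None
        if isinstance(doc, dict) and "spdxVersion" in doc:
            return ("SPDX", "JSON")
        if isinstance(doc, dict) and doc.get("bomFormat") == "CycloneDX":
            return ("CycloneDX", "JSON")
        return None
    if stripped.startswith("<"):
        try:
            root = ET.fromstring(stripped)
        except ET.ParseError:
            return None
        # ElementTree renders a namespaced tag as "{namespace}localname".
        if root.tag.endswith("}bom") and "cyclonedx.org" in root.tag:
            return ("CycloneDX", "XML")
        return None
    if any(line.startswith("SPDXVersion:") for line in stripped.splitlines()):
        return ("SPDX", "Tag:Value")
    return None


def extract_components(text: str) -> set:
    """Normalize any supported SBOM into a set of (name, version) pairs."""
    fmt = detect_format(text)
    if fmt is None:
        raise ValueError("unrecognised SBOM format")
    comps = set()
    if fmt == ("SPDX", "JSON"):
        for pkg in json.loads(text).get("packages", []):
            comps.add((pkg.get("name"), pkg.get("versionInfo")))
    elif fmt == ("CycloneDX", "JSON"):
        for c in json.loads(text).get("components", []):
            comps.add((c.get("name"), c.get("version")))
    elif fmt == ("CycloneDX", "XML"):
        ns = {"b": CDX_XML_NS}
        root = ET.fromstring(text.strip())
        for c in root.findall("./b:components/b:component", ns):
            comps.add((c.findtext("b:name", default=None, namespaces=ns),
                       c.findtext("b:version", default=None, namespaces=ns)))
    else:  # SPDX Tag:Value: a PackageName line opens each package block
        packages = []
        for line in text.splitlines():
            if line.startswith("PackageName:"):
                packages.append([line.split(":", 1)[1].strip(), None])
            elif line.startswith("PackageVersion:") and packages:
                packages[-1][1] = line.split(":", 1)[1].strip()
        comps.update(tuple(p) for p in packages)
    return comps


def compare_sboms(text_a: str, text_b: str) -> dict:
    """Diff the component sets of two SBOMs, whatever their formats."""
    a, b = extract_components(text_a), extract_components(text_b)
    return {"only_in_a": a - b, "only_in_b": b - a, "common": a & b}


def missing_versions(text: str) -> set:
    """Quality check: names of components declared without a version."""
    return {name for name, version in extract_components(text) if not version}


# Constructed sample SBOMs (not real project output).
SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [{"name": "log4j-core", "versionInfo": "2.17.1"},
                 {"name": "jackson-databind", "versionInfo": "2.13.4"}]})
CDX_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [{"name": "log4j-core", "version": "2.17.1"},
                   {"name": "spring-core"}]})
CDX_XML = f"""
<bom xmlns="{CDX_XML_NS}" version="1">
  <components>
    <component type="library"><name>log4j-core</name><version>2.17.1</version></component>
  </components>
</bom>"""
SPDX_TV = """SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
PackageName: commons-io
PackageVersion: 2.11.0
"""

if __name__ == "__main__":
    for label, doc in [("spdx.json", SPDX_JSON), ("bom.json", CDX_JSON),
                       ("bom.xml", CDX_XML), ("doc.spdx", SPDX_TV)]:
        print(label, detect_format(doc), sorted(extract_components(doc)))
    print("diff:", compare_sboms(SPDX_JSON, CDX_JSON))
    print("missing versions:", missing_versions(CDX_JSON))
```

Comparing on (name, version) is deliberately strict: a component that two tools report with different version strings shows up on both sides of the diff, which is exactly the disagreement a reviewer wants surfaced before merging tool outputs into one SBOM.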
Project Lead: Mehdi Tarrit Mirakhorli
Project Manager: Chris Enoch
Developer Team Lead: Derek Garcia
Developer Team