chainguard-dev / bom-shelter

A place to systematically store software bill of materials (SBOM) documents.

bom-shelter

You need SBOMs? bom-shelter has SBOMs.

bom-shelter is a collection of SBOM documents that can be used for prototyping SBOM tools or understanding properties of SBOMs.

The in-the-wild folder contains both SPDX and CycloneDX SBOMs found "in the wild," that is, associated with open source software projects. To the best of our ability, these SBOMs are meant to represent real SBOMs, not ones simply created for example purposes. Additionally, this in-the-wild dataset represents a diverse sample.

The in-the-lab folder currently contains SPDX SBOMs created "in the lab," that is, generated via an SBOM-generating tool for the purpose of creating a large SBOM dataset. The spdx-popular-containers sub-folder contains over 3,000 SBOMs created with four different tools (syft, trivy, bom, and tern) from a list of 1,000 popular containers.
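To get a first look at the properties of a dataset like this, an added helper (not part of bom-shelter) that classifies each JSON document as SPDX or CycloneDX and pulls out the spec version, generating tool and component count; the two inline samples are constructed, and the folder layout (in-the-wild/, in-the-lab/) is assumed from the description above:

```python
import json
from pathlib import Path


def classify_sbom(doc: dict) -> str:
    """Return 'spdx', 'cyclonedx' or 'unknown' from top-level markers."""
    if "spdxVersion" in doc and "SPDXID" in doc:
        return "spdx"
    if doc.get("bomFormat") == "CycloneDX" and "specVersion" in doc:
        return "cyclonedx"
    return "unknown"


def summarize_sbom(doc: dict) -> dict:
    """Format, spec version, generating tools and component count of one SBOM."""
    fmt = classify_sbom(doc)
    if fmt == "spdx":
        creators = doc.get("creationInfo", {}).get("creators", [])
        # SPDX creators look like "Tool: syft-x.y.z" or "Organization: Acme"
        tools = [c.split(":", 1)[1].strip() for c in creators if c.startswith("Tool:")]
        return {"format": fmt, "version": doc.get("spdxVersion"),
                "tools": tools, "components": len(doc.get("packages", []))}
    if fmt == "cyclonedx":
        tools = doc.get("metadata", {}).get("tools", [])
        if isinstance(tools, dict):  # CycloneDX 1.5+ nests tools under "components"
            tools = tools.get("components", [])
        return {"format": fmt, "version": doc.get("specVersion"),
                "tools": [t.get("name", "") for t in tools],
                "components": len(doc.get("components", []))}
    return {"format": fmt, "version": None, "tools": [], "components": 0}


def summarize_dir(root: Path) -> list:
    """Walk a folder such as in-the-wild/ and summarize every JSON SBOM found."""
    results = []
    for path in sorted(root.rglob("*.json")):
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, UnicodeDecodeError):
            continue  # not a parseable JSON document; skip it
        if isinstance(doc, dict):
            results.append({"path": str(path), **summarize_sbom(doc)})
    return results


# Constructed minimal SBOMs for a stand-alone run (not files from bom-shelter).
SPDX_SAMPLE = {"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
               "creationInfo": {"creators": ["Tool: syft", "Organization: Example"]},
               "packages": [{"name": "openssl"}, {"name": "zlib"}]}
CDX_SAMPLE = {"bomFormat": "CycloneDX", "specVersion": "1.4",
              "metadata": {"tools": [{"name": "trivy"}]},
              "components": [{"name": "busybox"}]}
```

Run `summarize_dir(Path("in-the-wild"))` from a checkout to tabulate formats and tools across the dataset; XML CycloneDX and tag-value SPDX files are not covered by this JSON-only helper.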

Input, ideas, issues, collaboration and PRs welcome.