docs: write a how-to guide for sbom generation

[terriko]

We recently added the ability to do sbom generation in cve-bin-tool. It's not super fancy yet, but it might be nice to have a guide for how to use it with examples and tips.

Edit: this was an issue flagged for hackathon participants that never got claimed; it's open to non-hackathon contributors now.

[Swarnlataaa]

Please assign me this issue I want to contribute.

[terriko]

@Swarnlataaa have fun! Let us know if you have any questions.

[terriko]

This wasn't completed in earlier hackathons so I'm putting it up for hacktoberfest folk to try!

[terriko]

Short tips for new contributors:

• cve-bin-tool's contributor docs
• If you've contributed to open source but not this project, you might just want our checklist for a great pull request
• cve-bin-tool uses https://www.conventionalcommits.org/ style for commit messages, and we have a test that checks the title of your pull request (PR). A good potential title for this one is in the title of this issue.
• You can make an issue auto close by including a comment "fixes #ISSUENUMBER" in your PR comments where ISSUENUMBER is the actual number of the issue. This "links" the issue to the pull request.

Claiming issues:

• You do not need to have an issue assigned to you before you work on it. To "claim" an issue either make a linked pull request or comment on the issue saying you'll be working on it.
• If someone else has already commented or opened a pull request, assume it is claimed and find another issue to work on.
• If it's been more than 1 week without progress, you can ask in a comment if the claimant is still working on it before claiming it yourself (give them at least 3 days to respond before assuming they have moved on).

[kishan3]

Hi @terriko can you please provide context it like where we can add the guide and if there is any specific format for it? Thanks!

[terriko]

@kishan3 We've got a bunch of how-to guides in this directory if you want to see how the others are done: https://github.com/intel/cve-bin-tool/tree/main/doc/how_to_guides

The format would be markdown (although we can handle RestructuredText too, most of our stuff is in markdown) and you can put it in that same how_to_guides directory. You probably want to add it to the index (https://github.com/intel/cve-bin-tool/blob/main/doc/how_to_guides/index.rst) so that it'll get linked correctly when the docs are built.

[kishan3]

Thanks @terriko there is already doc https://github.com/intel/cve-bin-tool/blob/main/doc/how_to_guides/sbom_generation.md Not sure what we need to add to it.

[terriko]

Hm, maybe this should have been closed already? But since it wasn't, let's get the sbom creation guide linked into the user manual (doc/MANUAL.md) and potentially the README.md file so it's easier to find, and then we'll declare this closed.

[terriko]

@kishan3 and if you're looking for something else docs-y to do, there's also an open issue for a triage how-to: https://github.com/intel/cve-bin-tool/issues/3219

[terriko]

Okay, going to close this one as good enough for now.

[kishan3]

Thanks, @terriko unfortunately I couldn't check the other one.