search

microsoft / sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
MIT License
1.51k stars 121 forks source link

Does this work on Visual Basic 6.0 app? #534

Open Almarine-James opened 3 months ago

Almarine-James commented 3 months ago

My organization is now requiring SBOM's regardless of how ancient the software is. We have a massive legacy ERP system written in VB 6.0 stored in a SourceAnywhere for VSS repository. I'm trying to find an SBOM tool that will work on this code. Will this tool do the trick? If not, does anyone have any other ideas regarding SBOM tools that may work on this code?

jalkire commented 3 months ago

Hi @Almarine-James, the SBOM tool is able to scan built files generically, regardless of framework. In order to detect packages, the component detection library needs to support your environment--you can find more info about its features here.

birchsr commented 2 months ago

Hi @Almarine-James I'm in the same boat as you, with a few smaller vb6 based tools that ship in a single package, and we are (too) being forced down this route. I have tried to get this tool working, but it doesn't detect VB6 based ".vbp" based projects/modules (component detector ID's are all 0). If you get this working, can you give me a shout please! in the meantime I'm wearing google out with searching for alternatives.

SimonvanAs commented 2 months ago

No luck so far, in the same position as both @birchsr and @Almarine-James. Do get output from the tool (see below), but the VB6 package is not included or mentioned as it is not part of the 'component detection' package. Have you found anything that does creates an VB6 app SBoM? Also got the tip to check with Checkmarx, haven't come round to test that; one of you did perhaps?

image

SimonvanAs commented 2 months ago

Created an issue with the 'component-detection' GitHub to ask for the VB6 support

DaveTryon commented 3 days ago

@SimonvanAs, your VB6 request (https://github.com/microsoft/component-detection/issues/1088) has been waiting for your input since May 15th, 2024. Just nudging you here and capturing the link to the open request. Sbom-tool won't be able to support VB6 until it's added to component-detection

DaveTryon commented 3 days ago

@birchsr and @Almarine-James, please feel free to jump in on https://github.com/microsoft/component-detection/issues/1088 to help drive this issue in component-detection.