Towards a better binary sbom tool - Githubissues

owasp-dep-scan / blint

BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.

MIT License

337 stars 32 forks source link

Towards a better binary sbom tool #37

Open prabhu opened 1 year ago

prabhu commented 1 year ago

With 1.0.x, we have successfully demonstrated our capability to parse and analyze binaries cross-platform with backing annotations. We can also show invoking this tool in a CI/CD environment with the upcoming GitHub action.

For 1.2.x, it is time to expand and look into making blint available for dep-scan as a tool for:

[x] Precise SBOM generator for binaries. Current implementations such as cve-bin-tool use strings command
[ ] Checking whether a container image or os has malicious binaries at some predefined locations - https://github.com/AppThreat/dep-scan/issues/106

prabhu commented 7 months ago

SBOM support is being worked on for 2.x