bom: Update documentation to reference new location
Signed-off-by: Stephen Augustus <foo@auggie.dev>
justaugustus committed Nov 22, 2021
1 parent 77ec56f commit 09aeb46
Showing 3 changed files with 10 additions and 126 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -99,12 +99,12 @@ Details: [Documentation](https://sigs.k8s.io/promo-tools/cmd/gh2gcs/README.md)

## End User

### [`bom`](/cmd/bom)
### [`bom`](https://sigs.k8s.io/bom)

Generate SPDX-compliant Bills of Materials for a software
project. Supports reading directories, images, files and more.

Details: [Documentation](cmd/bom/README.md) | [SBOM HOWTO](docs/bom/create-a-bill-of-materials.md)
Details: [Documentation](https://sigs.k8s.io/bom/README.md)

### [`release-notes`](/cmd/release-notes)
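
Review bot: The rewritten `Details:` line for `bom` drops the `[SBOM HOWTO](docs/bom/create-a-bill-of-materials.md)` link and puts nothing in its place. That guide is not one of the three files this commit changes, so it stays in the tree but is no longer reachable from the top-level README. Either keep the HOWTO link until the guide itself is moved, or point it at the guide's home in the new repository if it already lives there.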

79 changes: 4 additions & 75 deletions cmd/bom/README.md
@@ -1,77 +1,6 @@
# bom (Bill of Materials)
## A utility to generate SPDX compliant Bill of Materials manifests.
# bom

`bom` is a tiny utility that leverages the code written for the Kubernetes
Bill of Materials project. It enables software authors to generate an
SBOM for their projects in a simple, yet powerful way.
This utility has a [new location](https://sigs.k8s.io/bom).

![terminal demo](../../docs/bom/cast.svg "Terminal demo")


`bom` is a general-purpose tool that can generate SPDX packages from
directories, container images, single files, and other sources. The utility
has a built-in license classifier that recognizes the 400+ licenses in
the SPDX catalog.

Other features include Golang dependency analysis and full `.gitignore`
support when scanning git repositories.

## Generate your own Bill of Materials

If you are looking for a way to create a bill of materials for your project, we
have created a
[HOWTO guide to generating an SBOM](../../docs/bom/create-a-bill-of-materials.md).

The guide includes information about
[what a Bill of Materials is](../../docs/bom/create-a-bill-of-materials.md#what-is-a-bill-of-materials),
[the SPDX standard](../../docs/bom/create-a-bill-of-materials.md#spdx-software-package-data-exchange),
and instructions to add files, images, directories, and
other sources to your BOM.

## Compiling bom

To compile bom, clone the Kubernetes Release Engineering repository and
run the `compile-tools` script:

```
git clone git@github.com:kubernetes/release.git
cd release
./compile-release-tools
```

## Examples

The following examples show how bom can process different sources to generate
an SPDX Bill of Materials. Multiple sources can be combined to get a document
describing different packages.

### Generate an SBOM from the Current Directory:

To process a directory as a source for your SBOM, use the `-d` flag or simply pass
the path as the first argument to `bom`:

```bash
bom generate -n http://example.com/ .
```

### Process a Container Image

This example pulls the kube-apiserver image, analyzes it, and describes in the
SBOM. Each of its layers are then expressed as a subpackage in the resulting
document:

```
bom generate -n http://example.com/ --image k8s.gcr.io/kube-apiserver:v1.21.0
```

### Generate a BOM to describe files

You can create an SBOM with just files in the manifest. For that, use `-f`:

```
bom generate -n http://example.com/ \
-f Makefile \
-f file1.exe \
-f document.md \
-f other/file.txt
```
This file is a placeholder to preserve links.
Please remove after 2022-02-01.
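
Review bot: The placeholder's closing lines give a removal date (`Please remove after 2022-02-01.`) but no owner or tracking reference, so nothing will prompt the cleanup once the date passes. Suggest adding an issue link next to the date. The removed body was also this file's reference to `../../docs/bom/cast.svg`; if nothing else uses that asset, it can be deleted in the same change rather than left orphaned.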
53 changes: 4 additions & 49 deletions docs/bom/README.md
@@ -1,51 +1,6 @@
# bom (Bill of Materials)
# bom

Create SPDX compliant Bill of Materials
Documentation about the `bom` tool has a [new location](https://sigs.k8s.io/bom).

- [Summary](#summary)
- [Installation](#installation)
- [Usage](#usage)

## Summary

bom is a little utility that lets software authors generate
SPDX manifests to describe the contents of a release. The
SPDX manifests provide a way to list and verify all items
contained in packages, images, and individual files while
packing the data along with licensing information.

bom is still in its early stages and it is an effort to open
the libraries developed for the Kubernetes SBOM for other
projects to use.

For a more in depth instructions on how to create an SBOM see
[Generating a Bill of Materials for Your Project](create-a-bill-of-materials.md)

## Installation

To use bom generate, compile the release engineering tools:

```
git clone git@github.com:kubernetes/release.git
cd release
./compile-release-tools bom
```

## Usage
```
bom [subcommand]
```

### Available Commands
```
generate bom generate → Create SPDX manifests
help Help about any command
```

### Command line flags

```
Flags:
-h, --help help for bom
--log-level string the logging verbosity, either 'panic', 'fatal', 'error', 'warning', 'info', 'debug', 'trace' (default "info")
```
This file is a placeholder to preserve links.
Please remove after 2022-02-01.
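
Review bot: The placeholder keeps the file path alive but not the `#summary`, `#installation` and `#usage` anchors from the removed table of contents, so existing deep links to those sections will no longer resolve to anything. If the file exists "to preserve links", either note in the placeholder that the section content moved along with the tool, or call out the broken anchors in the commit message so the loss is deliberate.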
