bom: Update documentation to reference new location
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Commit 09aeb46 (1 parent: 77ec56f)
Showing 3 changed files with 10 additions and 126 deletions.
@@ -1,77 +1,6 @@ | ||
# bom (Bill of Materials) | ||
## A utility to generate SPDX compliant Bill of Materials manifests. | ||
# bom | ||
|
||
`bom` is a tiny utility that leverages the code written for the Kubernetes | ||
Bill of Materials project. It enables software authors to generate an | ||
SBOM for their projects in a simple, yet powerful way. | ||
This utility has a [new location](https://sigs.k8s.io/bom). | ||
|
||
![terminal demo](../../docs/bom/cast.svg "Terminal demo") | ||
|
||
|
||
`bom` is a general-purpose tool that can generate SPDX packages from | ||
directories, container images, single files, and other sources. The utility | ||
has a built-in license classifier that recognizes the 400+ licenses in | ||
the SPDX catalog. | ||
|
||
Other features include Golang dependency analysis and full `.gitignore` | ||
support when scanning git repositories. | ||
|
||
## Generate your own Bill of Materials | ||
|
||
If you are looking for a way to create a bill of materials for your project, we | ||
have created a | ||
[HOWTO guide to generating an SBOM](../../docs/bom/create-a-bill-of-materials.md). | ||
|
||
The guide includes information about | ||
[what a Bill of Materials is](../../docs/bom/create-a-bill-of-materials.md#what-is-a-bill-of-materials), | ||
[the SPDX standard](../../docs/bom/create-a-bill-of-materials.md#spdx-software-package-data-exchange), | ||
and instructions to add files, images, directories, and | ||
other sources to your BOM. | ||
|
||
## Compiling bom | ||
|
||
To compile bom, clone the Kubernetes Release Engineering repository and | ||
run the `compile-tools` script: | ||
|
||
``` | ||
git clone git@github.com:kubernetes/release.git | ||
cd release | ||
./compile-release-tools | ||
``` | ||
|
||
## Examples | ||
|
||
The following examples show how bom can process different sources to generate | ||
an SPDX Bill of Materials. Multiple sources can be combined to get a document | ||
describing different packages. | ||
|
||
### Generate an SBOM from the Current Directory: | ||
|
||
To process a directory as a source for your SBOM, use the `-d` flag or simply pass | ||
the path as the first argument to `bom`: | ||
|
||
```bash | ||
bom generate -n http://example.com/ . | ||
``` | ||
|
||
### Process a Container Image | ||
|
||
This example pulls the kube-apiserver image, analyzes it, and describes in the | ||
SBOM. Each of its layers are then expressed as a subpackage in the resulting | ||
document: | ||
|
||
``` | ||
bom generate -n http://example.com/ --image k8s.gcr.io/kube-apiserver:v1.21.0 | ||
``` | ||
|
||
### Generate a BOM to describe files | ||
|
||
You can create an SBOM with just files in the manifest. For that, use `-f`: | ||
|
||
``` | ||
bom generate -n http://example.com/ \ | ||
-f Makefile \ | ||
-f file1.exe \ | ||
-f document.md \ | ||
-f other/file.txt | ||
``` | ||
This file is a placeholder to preserve links. | ||
Please remove after 2022-02-01. |
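Review bot: the housekeeping text "This file is a placeholder to preserve links. Please remove after 2022-02-01." is rendered to every reader of the README, and nothing tracks the date; put the reminder in an HTML comment (`<!-- placeholder to preserve links; remove after 2022-02-01 -->`) or link a tracking issue, so the visible content is just the pointer to https://sigs.k8s.io/bom. Note also that "preserve links" only holds for the file path: the removed text linked to anchors such as `create-a-bill-of-materials.md#what-is-a-bill-of-materials` and `#spdx-software-package-data-exchange`, which will only keep working if the document at the new location uses the same headings, and the removed Compiling section was the only mention that `./compile-release-tools` no longer builds this tool from kubernetes/release; one sentence on how to obtain `bom` now (or a statement that it is built from the new repository) would spare readers a dead end.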
@@ -1,51 +1,6 @@ | ||
# bom (Bill of Materials) | ||
# bom | ||
|
||
Create SPDX compliant Bill of Materials | ||
Documentation about the `bom` tool has a [new location](https://sigs.k8s.io/bom). | ||
|
||
- [Summary](#summary) | ||
- [Installation](#installation) | ||
- [Usage](#usage) | ||
|
||
## Summary | ||
|
||
bom is a little utility that lets software authors generate | ||
SPDX manifests to describe the contents of a release. The | ||
SPDX manifests provide a way to list and verify all items | ||
contained in packages, images, and individual files while | ||
packing the data along with licensing information. | ||
|
||
bom is still in its early stages and it is an effort to open | ||
the libraries developed for the Kubernetes SBOM for other | ||
projects to use. | ||
|
||
For a more in depth instructions on how to create an SBOM see | ||
[Generating a Bill of Materials for Your Project](create-a-bill-of-materials.md) | ||
|
||
## Installation | ||
|
||
To use bom generate, compile the release engineering tools: | ||
|
||
``` | ||
git clone git@github.com:kubernetes/release.git | ||
cd release | ||
./compile-release-tools bom | ||
``` | ||
|
||
## Usage | ||
``` | ||
bom [subcommand] | ||
``` | ||
|
||
### Available Commands | ||
``` | ||
generate bom generate → Create SPDX manifests | ||
help Help about any command | ||
``` | ||
|
||
### Command line flags | ||
|
||
``` | ||
Flags: | ||
-h, --help help for bom | ||
--log-level string the logging verbosity, either 'panic', 'fatal', 'error', 'warning', 'info', 'debug', 'trace' (default "info") | ||
``` | ||
This file is a placeholder to preserve links. | ||
Please remove after 2022-02-01. |
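Review bot: the replacement says only that the documentation has moved, but the removed Installation section was the sole place that told users to run `./compile-release-tools bom` in this repository, so a reader landing here learns neither that the tool itself now lives at the new location nor that it is no longer built from kubernetes/release; the sibling placeholder's wording "This utility has a new location" would be clearer here too. The removed relative link to `create-a-bill-of-materials.md` should be checked against the third changed file in this commit so the redirect does not point at a guide that has itself been reduced to a placeholder. As with the other file, "Please remove after 2022-02-01." is user-visible housekeeping with no tracking; prefer an HTML comment or a linked issue.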