From 09aeb469249690cbc6b9a3dbfa26d97a7eec708b Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Mon, 22 Nov 2021 14:29:58 -0500 Subject: [PATCH] bom: Update documentation to reference new location Signed-off-by: Stephen Augustus --- README.md | 4 +-- cmd/bom/README.md | 79 +++------------------------------------------- docs/bom/README.md | 53 +++---------------------------- 3 files changed, 10 insertions(+), 126 deletions(-) diff --git a/README.md b/README.md index b009db67bbf..7aa7626da02 100644 --- a/README.md +++ b/README.md @@ -99,12 +99,12 @@ Details: [Documentation](https://sigs.k8s.io/promo-tools/cmd/gh2gcs/README.md) ## End User -### [`bom`](/cmd/bom) +### [`bom`](https://sigs.k8s.io/bom) Generate SPDX-compliant Bills of Materials for a software project. Supports reading directories, images, files and more. -Details: [Documentation](cmd/bom/README.md) | [SBOM HOWTO](docs/bom/create-a-bill-of-materials.md) +Details: [Documentation](https://sigs.k8s.io/bom/README.md) ### [`release-notes`](/cmd/release-notes) diff --git a/cmd/bom/README.md b/cmd/bom/README.md index dab93722f0c..045e7b2ddb9 100644 --- a/cmd/bom/README.md +++ b/cmd/bom/README.md 
@@ -1,77 +1,6 @@ -# bom (Bill of Materials) -## A utility to generate SPDX compliant Bill of Materials manifests. +# bom -`bom` is a tiny utility that leverages the code written for the Kubernetes -Bill of Materials project. It enables software authors to generate an -SBOM for their projects in a simple, yet powerful way. +This utility has a [new location](https://sigs.k8s.io/bom). -![terminal demo](../../docs/bom/cast.svg "Terminal demo") - - -`bom` is a general-purpose tool that can generate SPDX packages from -directories, container images, single files, and other sources. The utility -has a built-in license classifier that recognizes the 400+ licenses in -the SPDX catalog. - -Other features include Golang dependency analysis and full `.gitignore` -support when scanning git repositories. - -## Generate your own Bill of Materials - -If you are looking for a way to create a bill of materials for your project, we -have created a -[HOWTO guide to generating an SBOM](../../docs/bom/create-a-bill-of-materials.md). - -The guide includes information about -[what a Bill of Materials is](../../docs/bom/create-a-bill-of-materials.md#what-is-a-bill-of-materials), -[the SPDX standard](../../docs/bom/create-a-bill-of-materials.md#spdx-software-package-data-exchange), -and instructions to add files, images, directories, and -other sources to your BOM. - -## Compiling bom - -To compile bom, clone the Kubernetes Release Engineering repository and -run the `compile-tools` script: - -``` -git clone git@github.com:kubernetes/release.git -cd release -./compile-release-tools -``` - -## Examples - -The following examples show how bom can process different sources to generate -an SPDX Bill of Materials. Multiple sources can be combined to get a document -describing different packages. 
- -### Generate an SBOM from the Current Directory: - -To process a directory as a source for your SBOM, use the `-d` flag or simply pass -the path as the first argument to `bom`: - -```bash -bom generate -n http://example.com/ . -``` - -### Process a Container Image - -This example pulls the kube-apiserver image, analyzes it, and describes in the -SBOM. Each of its layers are then expressed as a subpackage in the resulting -document: - -``` -bom generate -n http://example.com/ --image k8s.gcr.io/kube-apiserver:v1.21.0 -``` - -### Generate a BOM to describe files - -You can create an SBOM with just files in the manifest. For that, use `-f`: - -``` -bom generate -n http://example.com/ \ - -f Makefile \ - -f file1.exe \ - -f document.md \ - -f other/file.txt -``` \ No newline at end of file +This file is a placeholder to preserve links. +Please remove after 2022-02-01. diff --git a/docs/bom/README.md b/docs/bom/README.md index d7cc709cb1e..8a5fd25704b 100644 --- a/docs/bom/README.md +++ b/docs/bom/README.md 
@@ -1,51 +1,6 @@ -# bom (Bill of Materials) +# bom -Create SPDX compliant Bill of Materials +Documentation about the `bom` tool has a [new location](https://sigs.k8s.io/bom). -- [Summary](#summary) -- [Installation](#installation) -- [Usage](#usage) - -## Summary - -bom is a little utility that lets software authors generate -SPDX manifests to describe the contents of a release. The -SPDX manifests provide a way to list and verify all items -contained in packages, images, and individual files while -packing the data along with licensing information. - -bom is still in its early stages and it is an effort to open -the libraries developed for the Kubernetes SBOM for other -projects to use. - -For a more in depth instructions on how to create an SBOM see -[Generating a Bill of Materials for Your Project](create-a-bill-of-materials.md) - -## Installation - -To use bom generate, compile the release engineering tools: - -``` -git clone git@github.com:kubernetes/release.git -cd release -./compile-release-tools bom -``` - -## Usage -``` - bom [subcommand] -``` - -### Available Commands -``` - generate bom generate → Create SPDX manifests - help Help about any command -``` - -### Command line flags - -``` -Flags: - -h, --help help for bom - --log-level string the logging verbosity, either 'panic', 'fatal', 'error', 'warning', 'info', 'debug', 'trace' (default "info") -``` +This file is a placeholder to preserve links. +Please remove after 2022-02-01.
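Review bot: In the top-level README.md hunk, the new `Details:` line drops the `[SBOM HOWTO](docs/bom/create-a-bill-of-materials.md)` link without a replacement, and the diffstat shows that file is not touched by this patch. Every link to the guide that is visible in this patch is removed, so the HOWTO stays in the tree with nothing pointing at it. Either keep the link until the guide is moved or deleted, or point it at the equivalent page under the new location.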
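Review bot: In cmd/bom/README.md, the placeholder line `Please remove after 2022-02-01.` carries no owner or tracking reference, so nothing prompts the cleanup once the date passes. Suggest putting a link to a tracking issue next to the date. The removed text also embedded `../../docs/bom/cast.svg`, which the diffstat shows is not deleted here; if nothing else uses it, remove it in this change or list it in the same follow-up.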
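Review bot: In docs/bom/README.md, the placeholder says it exists "to preserve links", but the removed table of contents defined the in-page anchors `#summary`, `#installation` and `#usage`, and deep links to those will now land on a page without the sections. That is probably acceptable for a stub, but the commit message has no body; a line there stating that only file-level links are preserved, and that install and usage documentation now lives at the new location, would make the intent clear to anyone following an old link.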