sbommv is your primary tool to transfer SBOM's between different systems.It is designed to allow transfer sboms across systems. The tool supports input, translation, enrichment & output adapters which allow it to be extensible in the future. Input adapters are responsbile to interface with services and provide various methods to extract sboms. The output adapters handles all the complexity related to uploading sboms.
brew tap interlynk-io/interlynk
brew install sbommvOther installation options.
SBOM Platform - Interlynk
Our SBOM Automation Platform has a new free tier that provides a comprehensive solution to manage SBOMs (Software Bill of Materials) effortlessly. From centralized SBOM storage, built-in SBOM editor, continuous vulnerability mapping and assessment, and support for organizational policies, all while ensuring compliance and enhancing software supply chain security using integrated SBOM quality scores. The free tier is ideal for small teams. Try now
A Software Bill of Materials (SBOM) plays a crucial role in software supply chain security, compliance, and vulnerability management. However, organizations face a key challenge: How do you efficiently move SBOMs between different systems?.
There are two major categories of systems dealing with SBOMs: SBOM Sources (Input/Source Systems) and SBOM Consumers (Output/Target Systems). Manually fetching SBOMs from input systems and uploading them to output systems is: Time-consuming, Error-prone and Difficult to scale.
sbommv is designed to move SBOMs between systems effortlessly. It provides: Input Adapters(Fetch SBOMs from different sources) and Output Adapters(Upload SBOMs to analysis and security platforms). Currently sbommv support following input and output adapters:
- Input Adapters --> github, folder
- Output Adapters --> interlynk, folder
- Extract SBOMs from Input Systems (GitHub, local folders, package registries, etc.)
- Transform or Enrich SBOMs (Future capabilities for format conversion, enrichment)
- Send SBOMs to Output Systems(Interlynk, Dependency-Track(coming soon), folders, Security tools, SBOM repositories, compliance platforms). Whereas the folder output system is just for testing purpose, to see the SBOMs you fetched from Input Adapters.
- Generate INTERLYNK_SECURITY_TOKEN with the help of this resource.
- Until and unless you get an Rate Limitor error, github API will work for you. But as you get, generate GITHUB_TOKEN from here.
# export the tokens
export GITHUB_TOKEN=ghp_klgJBxKukyaoWA******
export INTERLYNK_SECURITY_TOKEN=lynk_api******2. Generate & Transfer SBOM's for all repositories in Github org of interlynk-io to Interlynk SBOM's platform
Generate & Transfer SBOM's from all repositories in the interlynk-io github organization using github apis, and transfer them to interlynk. If interlynk platform does not contain projects it will create them.
sbommv transfer --input-adapter=github --in-github-url="https://github.com/interlynk-io" --output-adapter=interlynk --out-interlynk-url="http://localhost:3000/lynkapi"This will look for the latest release of the repository and check if SBOMs are generated, in dry-run mode, it will just iterate the sboms found, and check if login to the output adapter works.
sbommv transfer --input-adapter=github --in-github-url=https://github.com/interlynk-io/sbomqs --in-github-method="release" --output-adapter=interlynk --out-interlynk-url=https://api.interlynk.io/lynkapi --dry-run- Getting started with sbommv.
- Try out more examples
- Detailed CLI command and it's flag usage
- More about Input and Output adapters
+---------------------+ +------------------------------+ +----------------------+
| Input Adapter | --> | Enrichment/Translation | --> | Output Adapter |
|-------------------- | |------------------------------| |----------------------|
| - GitHub | | - SBOM Translation* | | - Interlynk |
| - BitBucket* | | - Enrichment* | | - Dependency-Track* |
| - Dependency-Track*| +------------------------------+ | - Folder* |
| - Folder* | | |
+---------------------+ +-----------------------+
* Coming Soon
At its core, sbommv acts as a bridge, seamlessly connecting SBOM source systems (e.g., GitHub, AWS, folders, local files) with SBOM consumer systems (e.g., Interlynk, Dependency-Track, folder, security tools) β eliminating manual work. To achieve this, sbommv follows an adapter-based architecture, where different systems are abstracted as input and output adapters
Know about more about adapters, input adapters and output adapters.
https://github.com/interlynk-io/sbommv/releasesbrew tap interlynk-io/interlynk
brew install sbommvgo install github.com/interlynk-io/sbommv@latestThis approach involves cloning the repo and building it.
- Clone the repo
git clone [email protected]:interlynk-io/sbommv.git cdintosbommvfolder- make; make build
- To test if the build was successful run the following command
./build/sbommv version
We look forward to your contributions, below are a few guidelines on how to submit them
- Fork the repo
- Create your feature/bug branch (
git checkout -b feature/bug) - Commit your changes (
git commit -aSm "awesome new feature") - commits must be signed - Push your changes (
git push origin feature/new-feature) - Create a new pull-request
- SBOM Quality Score - Quality & Compliance tool
- SBOM Assembler - A tool to compose a single SBOM by combining other SBOMs or parts of them
- SBOM Quality Score - A tool for evaluating the quality and completeness of SBOMs
- SBOM Search Tool - A tool to grep style semantic search in SBOMs
- SBOM Explorer - A tool for discovering and downloading SBOMs from a public repository
We appreciate all feedback. The best ways to get in touch with us:
- β&
π °οΈ Slack - βοΈ Live Chat
- π« Email Us
- π Report a bug or enhancement
- β Follow us on X
If you like this project, please support us by starring it.
