Skip to content

lucasgonze/sbom-deny-list

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
filter-deny-list.py
filter-deny-list.py
 
 
sample-data.json
sample-data.json
 
 
sample-deny-list.txt
sample-deny-list.txt
 
 

Repository files navigation

SBOM False Positive Filter

A tool to remove false positives from an SBOM. This allows humans to flag and remove incorrect items in output from an automated generator.

Assumes your SBOM uses CycloneDX.

Test out your installation like this: python3 filter-deny-list.py sample-data.json sample-deny-list.txt

Using:

  1. Generate a CycloneDX SBOM using a tool like Snyk. See sample-data.json for an example.
  2. Read the "components" part of the SBOM to find incorrectly identified items, maybe using a JSON editor like jsoneditoronline.org. Typically these are fuzzy matches based on snippet text.
  3. When you find a wrong item, copy its bom-ref value.
  4. Paste the bom-ref value into a line in a file. See sample-deny-list.txt
  5. Run python3 filter-deny-list.py your-sbom.json your-deny-list.txt > filtered-sbom.json

About

Filter out components from a CycloneDX SBOM

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages