Skip to content

Files

Latest commit

jkowalleckjkowalleck
Add cyclonedx-bom scanner to benchmarks
Nov 20, 2024
ca7ff87 · Nov 20, 2024

History

History

benchmark

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
sboms
sboms
Nov 20, 2024
README.md
README.md
Nov 8, 2024
install-all.sh
install-all.sh
Nov 20, 2024
pyproject.toml
pyproject.toml
Nov 20, 2024
requirements.in
requirements.in
Nov 5, 2024
requirements.txt
requirements.txt
Nov 5, 2024
run-all.sh
run-all.sh
Nov 20, 2024
run-cdxgen.sh
run-cdxgen.sh
Nov 8, 2024
run-cyclonedx-bom-reqs.sh
run-cyclonedx-bom-reqs.sh
Nov 20, 2024
run-cyclonedx-bom-venv.sh
run-cyclonedx-bom-venv.sh
Nov 20, 2024
run-syft-reqs.sh
run-syft-reqs.sh
Nov 8, 2024
run-syft-venv.sh
run-syft-venv.sh
Nov 8, 2024
run-trivy.sh
run-trivy.sh
Nov 8, 2024

README.md

Benchmarks for SBOM generation tools

Run benchmarks for common open source SBOM generation tools on typical Python constructs like virtual environments.

Make sure all the tools are installed:

./install-all.sh

This requires a local Node installation for cdxgen. Then you can run the benchmarks:

$ ./run-all.sh

and inspect the results under sboms/.

Some generators only support reading from a requirements.txt file while some only support reading from a virtual environment. Syft supports scanning both sources but gives different results.