Skip to content
Snippets Groups Projects
Select Git revision
20 results

main.go

  • Jamie Tanna's avatar
    da8fd346
    Add `renovate-to-sbom` CLI · da8fd346
    Jamie Tanna authored 
    To make it possible to generate SBOMs from Renovate data, we can create
a CLI to consume Renovate debug log, or renovate-graph exports, and then
produce an SBOM for that data.

This takes advantage of the internal handling we have in DMD for the
Renovate exports, and converts it to the underlying SPDX or CycloneDX
models.

This introduces:

- The scaffolding for the CLI
- The ability to convert Renovate's `PackageManager`/`Datasource`
  combination to a Package URL via the new `PurlTypeDeriver` type
- Support for the latest SPDX and CycloneDX specs (with JSON output)
- The ability to add new formats

Closes #55.
    da8fd346
    History
    Add `renovate-to-sbom` CLI
    Jamie Tanna authored 
    To make it possible to generate SBOMs from Renovate data, we can create
a CLI to consume Renovate debug log, or renovate-graph exports, and then
produce an SBOM for that data.

This takes advantage of the internal handling we have in DMD for the
Renovate exports, and converts it to the underlying SPDX or CycloneDX
models.

This introduces:

- The scaffolding for the CLI
- The ability to convert Renovate's `PackageManager`/`Datasource`
  combination to a Package URL via the new `PurlTypeDeriver` type
- Support for the latest SPDX and CycloneDX specs (with JSON output)
- The ability to add new formats

Closes #55.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.