The Mobster project is a Python-based tool and ecosystem to work with SBOM (Software Bill of Materials) documents. Its goal is to provide unified interface for generating, manipulating and consuming SBOM documents in various formats.
The tools is designed to cover a whole lifecycle of SBOM documents. The major stages are:
- Generation: Generate SBOMs document from various sources (Syft, Hermeto, etc.)
- Augmentation: Augment SBOM documents with additional information that are not present in the phase of generation. This phase is usually done in the release phase where we know more information about the software.
- Validation: Validate a quality of the SBOM document in different stages of the lifecycle. The validation is done by the Product Security team guidelies.
- Distribution: Distribute the SBOM document to various set of locations (e.g. Trusted Profile Analyzer, container registry, etc.)
To use the Mobster tool, you need to install it first. There are multiple ways to isnstall the tool:
pip install mobsterTODO: Add this section once the release is configured in Konflux.
Follow an instruction in the development-environment.md file to set up your development environment.
We welcome contributions to the Mobster project! If you would like to contribute, please follow these steps:
- Fork the repository
- Create a new branch for your feature or bug fix
- Make your changes and commit them with a clear message (following the
conventional commit format)
(e.g.
feat: add new featureorfix: fix a bug) - Open a pull request to the main repository
- Make sure the CI checks pass and the code is properly formatted
- Wait for the review and address any comments or suggestions
- Once your changes are approved, they will be merged into the main branch
- Congratulations! You have successfully contributed to the Mobster project
This project is licensed under the Apache License 2.0. See the LICENSE file for details.