Webserver with status of SBOM Poc
First, ensure you have the following set up on your computer:
- elixir 1.10.4
- nodejs > 12 LTS
- Postgresql > 11
You can use the Phoenix installation guide to ensure you have everything set up as expected.
You will need to install the following dependencies to enable production of SBOM files from the command line:
npm install -g @cyclonedx/bom
username: sbom
password: sbom
To start your Phoenix server:
- Install dependencies with `mix deps.get`
- Create and migrate your database with `mix ecto.setup`
- Install Node.js dependencies with `npm install` inside the `assets` directory
- Start Phoenix endpoint with `mix phx.server`
Now you can visit localhost:4000 from your browser.
This project includes a couple of convenience make tasks. To get the full list of tasks, run the command `make targets`. For example:
Targets
---------------------------------------------------------------
compile compile the project
format Run formatting tools on the code
lint-compile check for warnings in functions used in the project
lint-credo Use credo to ensure formatting styles
lint-format Check if the project is well formated using elixir formatter
lint Check if the project follows set conventions such as formatting
test Run the test suite
sbom Create SBOM file for hex and npm deps
To generate an SBOM file, use the make task `make sbom` to generate a `bom.json` and `bom.xml` file in the project root.
Before you begin:
- Download the cyclonedx-cli tool, which supports converting SBOMs between different formats.
- Ensure that the cyclonedx-cli tool is executable; if it is not, make it executable with `chmod a+x <cyclonedx-cli tool>`.
- Add the cyclonedx-cli tool to the root of the project and rename it to `cyclonedx-cli`.
Note: on macOS you might get the following error when running this command:
cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware
If so, follow the instructions on Stack Overflow to allow the binary to execute.
If you want to deploy your own BOM analysis tool, you can follow these instructions to get set up.
Deployment instructions can be found in the deployment docs.
You can add your project status as markdown content by adding a markdown file to the /status directory.
Your markdown file needs to have an author and the body.
%{
author: "Your company name or your name"
}
---
The body of your content
This is at the top of the file and can look like this:
%{
author: "Your company name or your name"
}
The body comes immediately after the author declaration and is marked by three dashes:
---
The body of your content
A sample file can be found at status/sample.md
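
One way to check a contributed status file against the format described above, as an added example (not the project's own code): it parses the author header to an AST without evaluating it, so a header that contains anything other than a literal string is rejected rather than run. The module name `StatusFileCheck` and the sample strings are constructed for illustration.

```elixir
# Added example: validate a status file's header and body without executing it.
# StatusFileCheck and the samples below are hypothetical, not project code.
defmodule StatusFileCheck do
  @doc "Returns {:ok, author, body} or {:error, reason} for the file contents."
  def check(contents) when is_binary(contents) do
    # The header is everything before the first line that is exactly "---".
    case String.split(contents, ~r/^---[ \t]*(?:\r?\n|\z)/m, parts: 2) do
      [header, body] ->
        with {:ok, author} <- author_from(header),
             :ok <- non_empty(body) do
          {:ok, author, String.trim(body)}
        end

      _ ->
        {:error, :missing_separator}
    end
  end

  # Parse the header to an AST only; nothing in it is evaluated.
  # existing_atoms_only stops untrusted input from creating new atoms.
  defp author_from(header) do
    case Code.string_to_quoted(header, existing_atoms_only: true) do
      # Accept a literal map with exactly one key, author, holding a plain string.
      {:ok, {:%{}, _meta, [author: author]}} when is_binary(author) ->
        if String.trim(author) == "", do: {:error, :empty_author}, else: {:ok, author}

      {:ok, _other} ->
        {:error, :header_not_author_map}

      {:error, _reason} ->
        {:error, :header_not_parsable}
    end
  end

  defp non_empty(body) do
    if String.trim(body) == "", do: {:error, :empty_body}, else: :ok
  end
end

# Constructed sample that follows the documented format.
good = "%{\n  author: \"Example Co\"\n}\n---\nAll dependencies scanned.\n"
# Constructed sample whose author is a function call, not a literal string.
bad = "%{\n  author: String.upcase(\"x\")\n}\n---\nBody\n"

IO.inspect(StatusFileCheck.check(good))
IO.inspect(StatusFileCheck.check(bad))
```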