What is bitbom?
bitbom is a suite of tools designed to enhance the management and analysis of Software Bill of Materials (SBOMs). It provides solutions for efficiently downloading, querying, and graphing SBOMs, helping organizations to better understand and manage their software dependencies and vulnerabilities.
minefield
Efficiency
minefield is designed to be extremely fast and memory efficient, relying mainly on Roaring Bitmaps and dynamic programming. All of its relationship data is stored in Roaring Bitmaps, so the edges of the graph stay compact instead of bloating memory.
Situational Bitwise Queries
minefield combines queries over SBOMs using bitwise operations, which makes complex SBOM diffs, shared elements, and similar questions cheap to answer.
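To make the two ideas above concrete (edges as bitmaps, memoised closures, diffs and intersections as single bitwise operations), here is an added illustration that is not minefield's own code: a one-word bitset stands in for a Roaring Bitmap (assumption: at most 64 packages), and the six-package dependency graph is constructed for the example.

```go
package main

import (
	"fmt"
	"math/bits"
)

// Bitmap is a toy one-word bitset standing in for a Roaring Bitmap (assumed cap: 64 packages); bit i set = package i present.
type Bitmap uint64

// Graph keeps each package's direct edges as one bitmap (no per-edge objects) and memoises closures (the DP part).
type Graph struct {
	names  []string
	direct []Bitmap
	memo   map[int]Bitmap
}

// Transitive returns every package reachable from n; each subtree is walked once and cached.
// Assumes a DAG: the entry seeded before recursing only guarantees termination (partial result) on a cycle.
func (g *Graph) Transitive(n int) Bitmap {
	if r, ok := g.memo[n]; ok {
		return r
	}
	r := g.direct[n]
	g.memo[n] = r
	for rest := r; rest != 0; rest &= rest - 1 { // visit each set bit, lowest id first
		r |= g.Transitive(bits.TrailingZeros64(uint64(rest)))
	}
	g.memo[n] = r
	return r
}

// Names expands a bitmap back into package names, in ascending id order.
func (g *Graph) Names(b Bitmap) (s []string) {
	for ; b != 0; b &= b - 1 {
		s = append(s, g.names[bits.TrailingZeros64(uint64(b))])
	}
	return s
}

// Shared is "what do both SBOM roots pull in?" (one AND); OnlyIn is the diff a minus b (one AND NOT).
func (g *Graph) Shared(a, b int) []string { return g.Names(g.Transitive(a) & g.Transitive(b)) }
func (g *Graph) OnlyIn(a, b int) []string { return g.Names(g.Transitive(a) &^ g.Transitive(b)) }

// Constructed sample: two application SBOMs that share libcommon and, transitively, zlib.
const (appA = iota; appB; libcommon; zlib; openssl; libxml2)

func SampleGraph() *Graph {
	g := &Graph{names: []string{"appA", "appB", "libcommon", "zlib", "openssl", "libxml2"},
		direct: make([]Bitmap, 6), memo: map[int]Bitmap{}}
	for _, e := range [][2]int{{appA, libcommon}, {appA, openssl}, {appB, libcommon}, {appB, libxml2}, {libcommon, zlib}, {libxml2, zlib}} {
		g.direct[e[0]] |= 1 << e[1]
	}
	return g
}

func main() {
	g := SampleGraph()
	fmt.Println(g.Shared(appA, appB), g.OnlyIn(appA, appB), g.OnlyIn(appB, appA)) // [libcommon zlib] [openssl] [libxml2]
}
```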
Leaderboards
Leaderboards are impossible without caching. A leaderboard sorts every artifact in the graph by the result of a query, which means running thousands, if not millions, of queries at once. Without caching, this process could take literal years.
bomfactory
Automated SBOM Downloads
bomfactory automates the process of generating and downloading Software Bill of Materials (SBOMs) for critical projects as defined by the OpenSSF Criticality Score.
Advanced Querying
bomfactory allows users to perform complex queries on the downloaded SBOMs based on various criteria. For example, users can query for the SBOMs of the top 1000 most critical Google repositories.
bom-silo
Centralized SBOMs
bom-silo is a centralized repository for storing and managing SBOMs. This addresses the challenge of scattered SBOMs across different projects, providing a single source of truth for dependency and vulnerability management.
Generated using bomfactory
The SBOMs in bom-silo are generated using the bomfactory tool. This leverages bomfactory's advanced querying and criticality scoring features.