Installation
The installation consists of two main components:
- Minefield: The core engine that graphs and analyzes Software Bill of Materials (SBOM) data
- Scorecard Downloader: A tool to fetch OpenSSF Scorecard data for GitHub repositories (optional)
Installing Minefield
Use any one of the following methods:
- Git
    git clone git@github.com:bitbomdev/minefield.git
    cd minefield
    go build -o minefield main.go
- GitHub CLI
    gh repo clone bitbomdev/minefield
    cd minefield
    go build -o minefield main.go
- Docker
    docker pull ghcr.io/bitbomdev/minefield:latest
    docker run -it ghcr.io/bitbomdev/minefield:latest
- Go Install
    go install github.com/bitbomdev/minefield@latest
Installing Scorecard Downloader (Optional)
The Scorecard Downloader helps fetch security metrics data that can be ingested into Minefield. You can skip this step if you have your own data source.
Use any one of the following methods:
- Git
    git clone git@github.com:bitbomdev/scorecard-downloader.git
    cd scorecard-downloader
    go build
- GitHub CLI
    gh repo clone bitbomdev/scorecard-downloader
    cd scorecard-downloader
    go build
- Go Install
    go install github.com/bitbomdev/scorecard-downloader@latest