Quickstart guide
Installation
Using Docker
docker pull ghcr.io/bit-bom/minefield:latest
docker run -it ghcr.io/bit-bom/minefield:latest
Building from source
git clone https://github.com/bit-bom/minefield.git
cd minefield
go build -o minefield main.go
./minefield
Using go install
go install github.com/bit-bom/minefield@latest
minefield
To start using Minefield
- Ingest some data:
minefield ingest sbom <sbom_file or sbom_dir> - Cache the data:
minefield cache - Run a query:
minefield query <query_string>
Example
- Ingest the
testSBOM directory:minefield ingest sbom test - Cache the data:
minefield cache - Run the leaderboard custom with "dependents PACKAGE":
- This command generates a ranked list of packages, ordered by the number of other packages that depend on them
minefield leaderboard custom "dependents PACKAGE" - Run a query on the top value from the leaderboard:
- This command is now querying the dependents for a specific package, in this case dep2
minefield query "dependents PACKAGE pkg:generic/dep2@1.0.0" - Run queries to see the shared dependencies of lib-A and dep1, and lib-A and lib-B
- These queries output the intersection of two queries, in this case we are finding package dependencies do each of the packages share between each other.
minefield query "dependencies PACKAGE pkg:generic/dep1@1.0.0 and dependencies PACKAGE pkg:generic/lib-A@1.0.0"minefield query "dependencies PACKAGE pkg:generic/lib-B@1.0.0 and dependencies PACKAGE pkg:generic/lib-A@1.0.0" - Run queries with the visualizer
minefield query "dependents PACKAGE pkg:generic/dep2@1.0.0 --visualize"