bitbomdev/minefield

Before moving on, please consider giving us a GitHub star ⭐️. Thank you!

BitBom Minefield is a tool that uses Roaring Bitmaps to graph SBOMs FAST.

Caching the transitive dependents of the packages in 10,000 SBOMs in 30 seconds.

Table of Contents

  1. Quickstart Guide
  2. Example
  3. To Start Using Minefield
  4. How Minefield Works
  5. Custom Query Commands
  6. Visualization of a Query
  7. Star History
  8. Acknowledgements

View Minefield demo on asciinema

Quickstart Guide

  1. Ingest some data: minefield ingest sbom <sbom_file or sbom_dir>
  2. Cache the data: minefield cache
  3. Run a query: minefield query <query_string>

Example

Redis must be running at localhost:6379. If it is not, use make docker-up to start Redis.

  1. Ingest the test SBOM directory:
    minefield ingest sbom test
  2. Cache the data:
    minefield cache
  3. Run the leaderboard custom command with "dependents PACKAGE":
    • This command generates a ranked list of packages, ordered by the number of other packages that depend on them.
    minefield leaderboard custom "dependents PACKAGE"
  4. Run a query on the top value from the leaderboard:
    • This command queries the dependents of a specific package, in this case dep2.
    minefield query "dependents PACKAGE pkg:generic/dep2@1.0.0"
  5. Run queries to see the shared dependencies of lib-A and dep1, and of lib-A and lib-B:
    • Each of these queries outputs the intersection of two queries; in this case, we are finding which package dependencies the two packages share.
    minefield query "dependencies PACKAGE pkg:generic/dep1@1.0.0 and dependencies PACKAGE pkg:generic/lib-A@1.0.0"
    minefield query "dependencies PACKAGE pkg:generic/lib-B@1.0.0 and dependencies PACKAGE pkg:generic/lib-A@1.0.0"
  6. Run queries with the visualizer:
    minefield query "dependents PACKAGE pkg:generic/dep2@1.0.0" --visualize
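
The sketch below is an added example, not Minefield's own code. It shows one way the leaderboard and "and" queries from steps 3 to 5 can be answered once each package's transitive set is cached as a bitmap: ranking becomes a popcount and "and" becomes a bitwise intersection. A plain uint64 stands in for a roaring bitmap, and the graph, the package dep3 and all function names are constructed for illustration.

```go
package main
import (
	"fmt"
	"math/bits"
	"sort"
)

// Constructed sample data (not Minefield's test SBOMs): {package, direct dependency} index pairs.
var names = []string{"lib-A", "lib-B", "dep1", "dep2", "dep3"}
var direct = [][2]int{{0, 2}, {0, 4}, {1, 3}, {1, 4}, {2, 3}}

// Dependencies returns each package's transitive dependencies as a bitmask (bit i = package i).
func Dependencies(n int, edges [][2]int) []uint64 {
	sets := make([]uint64, n)
	for changed := true; changed; { // repeat until nothing grows, so cycles terminate
		changed = false
		for _, e := range edges {
			if next := sets[e[0]] | 1<<uint(e[1]) | sets[e[1]]; next != sets[e[0]] {
				sets[e[0]], changed = next, true
			}
		}
	}
	return sets
}

// Dependents inverts the dependency sets: bit p of out[d] is set when p depends on d.
func Dependents(deps []uint64) []uint64 {
	out := make([]uint64, len(deps))
	for p, s := range deps {
		for ; s != 0; s &= s - 1 { // walk the set bits of s
			out[bits.TrailingZeros64(s)] |= 1 << uint(p)
		}
	}
	return out
}

// Leaderboard orders package indices by how many packages depend on them, most first.
func Leaderboard(dependents []uint64) []int {
	idx := make([]int, len(dependents))
	for i := range idx {
		idx[i] = i
	}
	count := func(i int) int { return bits.OnesCount64(dependents[idx[i]]) }
	sort.SliceStable(idx, func(a, b int) bool { return count(a) > count(b) })
	return idx
}

func main() {
	deps := Dependencies(len(names), direct)
	fmt.Println("leaderboard top:", names[Leaderboard(Dependents(deps))[0]])
	fmt.Printf("dep1 and lib-A: %05b, lib-B and lib-A: %05b\n", deps[2]&deps[0], deps[1]&deps[0])
}
```

In the printed masks the rightmost bit is lib-A and the leftmost is dep3, so 01000 means the two packages share only dep2.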

To Start Using Minefield

Using Docker

docker pull ghcr.io/bitbomdev/minefield:latest
docker run -it ghcr.io/bitbomdev/minefield:latest

Building From Source

git clone https://github.com/bitbomdev/minefield.git
cd minefield
go build -o minefield main.go
./minefield

How Minefield Works

The design decisions and architecture of Minefield can be found here.

Custom Query Commands

For detailed information on available query commands and their usage, please refer to the Custom Query Commands documentation.

Visualization of a Query

Star History

Acknowledgements