Creating SBOMs From a Binary File Using Blint

Introduction

This tutorial illustrates how to create an SBOM from a binary file using the Blint CLI.

Requirements

  • Python 3

  • Pip

Installation

Install Blint by running the command:

pip install blint

Verify the installation by running:

blint -h

You should see the resulting output:

usage: blint [-h] [-i SRC_DIR_IMAGE [SRC_DIR_IMAGE ...]] [-o REPORTS_DIR] [--no-error] [--no-banner] [--no-reviews]
             [--suggest-fuzzable]
             {sbom} ...

Binary linter and SBOM generator.

options:
  -h, --help            show this help message and exit
  -i SRC_DIR_IMAGE [SRC_DIR_IMAGE ...], --src SRC_DIR_IMAGE [SRC_DIR_IMAGE ...]
                        Source directories, container images or binary files. Defaults to current directory.
  -o REPORTS_DIR, --reports REPORTS_DIR
                        Reports directory. Defaults to reports.
  --no-error            Continue on error to prevent build from breaking.
  --no-banner           Do not display banner.
  --no-reviews          Do not perform method reviews.
  --suggest-fuzzable    Suggest functions and symbols for fuzzing based on a dictionary.

sub-commands:
  Additional sub-commands

  {sbom}
    sbom                Command to generate SBOM for supported binaries.

Usage

Basic SBOM

For a basic SBOM, run:

blint sbom -i </path/to/binary> -o <sbom_output_filename>

Deep SBOM

For a more extensive SBOM, run:

blint sbom -i </path/to/binary> -o <sbom_output_filename> --deep

Notes

  • This tool may be limited in its ability to comprehensively locate and list dependency data.

  • The SBOMs generated by this tool create component bom-refs as PURLs. It may create a component bom-ref as follows:

    "bom-ref": "pkg:file/<component-name>"

    While this format is not invalid with regard to the CycloneDX JSON Schema, note that "file" is not a known PURL type. This may affect SBOM analysis.
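To see how much of a generated SBOM is affected by the bom-ref note above, the following added example (not part of Blint or of the original tutorial) walks a CycloneDX JSON document and lists every component whose bom-ref or purl uses a PURL type outside the registered set. The type list is a snapshot assumed from the purl-spec type list, and the sample SBOM and its component names are constructed.

```python
import json
import sys

# Snapshot of PURL types registered in the purl-spec type list (assumption:
# the list may have grown since; extend it rather than trusting this copy).
KNOWN_PURL_TYPES = {
    "alpm", "apk", "bitbucket", "bitnami", "cargo", "cocoapods", "composer",
    "conan", "conda", "cpan", "cran", "deb", "docker", "gem", "generic",
    "github", "golang", "hackage", "hex", "huggingface", "luarocks", "maven",
    "mlflow", "npm", "nuget", "oci", "pub", "pypi", "qpkg", "rpm", "swid",
    "swift",
}

# Constructed sample in CycloneDX JSON shape, not real Blint output.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "libexample.so.1", "bom-ref": "pkg:file/libexample.so.1",
         "purl": "pkg:file/libexample.so.1"},
        {"name": "requests", "bom-ref": "pkg:pypi/requests@2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "components": [{"name": "helper.bin", "bom-ref": "pkg:file/helper.bin"}]},
        {"name": "no-purl", "bom-ref": "component-3"},
    ],
}

def purl_type(ref):
    """Return the lowercased PURL type of ref, or None if ref is not a PURL."""
    if not isinstance(ref, str) or not ref.lower().startswith("pkg:"):
        return None
    head, sep, _ = ref[4:].lstrip("/").partition("/")
    return head.lower() if sep and head else None

def iter_components(components):
    """Yield components depth-first, including nested 'components' arrays."""
    for comp in components or []:
        yield comp
        yield from iter_components(comp.get("components"))

def unknown_purl_types(bom):
    """List (name, field, value) for refs whose PURL type is not registered."""
    return [(c.get("name"), f, c[f]) for c in iter_components(bom.get("components"))
            for f in ("bom-ref", "purl")
            if (t := purl_type(c.get(f))) is not None and t not in KNOWN_PURL_TYPES]

if __name__ == "__main__":
    # Pass the path of a generated SBOM, or run without arguments for the sample.
    bom = SAMPLE_BOM
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            bom = json.load(fh)
    for name, field, value in unknown_purl_types(bom):
        print(f"{name}: {field} {value!r} uses an unregistered PURL type")
```

Components flagged this way are the ones a PURL-keyed analysis step is likely to skip or fail to match, so they need to be identified by other fields such as name, version or hashes.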

SBOM

The original page embeds two example SBOMs here: systemd_sbom.json and systemd_sbom_deep.json.
