Generating SBOMs
This ability is limited to team members with Admin and/or Member roles.
Software development teams should be generating SBOMs regularly (and, ideally, automatically) as they write and push new code. Manifest offers multiple ways to easily generate SBOMs manually and automatically in your workflow.
Using the GitHub App
The GitHub App is the fastest and easiest way for GitHub users to get up and running with SBOM generation. It leverages GitHub's native SBOM generation capabilities, which do have some limitations.
Using the GitHub Action (Recommended for all GitHub users)
Manifest provides a GitHub Action that leverages our command-line tool for SBOM generation. Read the detailed instructions, with examples, here: Configuring the GitHub Action.
Using the Manifest CLI
Manifest maintains a command-line interface (CLI) for SBOM generation, merging, publishing, signing, and other operations. The CLI offers the most advanced and configurable way to generate SBOMs. The CLI can also be incorporated into any CI/CD pipeline tool, such as Azure DevOps, TeamCity, CircleCI, etc.
Read the guide here: Configuring the CLI.
Using Third-Party Generators
If your organization is already generating SBOMs with another tool, we can support and ingest those as well. Read more here: Using Third-Party Generators.