sbom-generation
Community skill: Generate and manage SBOMs for software supply chains.
Category: Software Engineering
Tags: #vulnerability-management #spdx #dependency-tracking #sbom #cosign #attestation #cyclonedx
Author: marquesfelip
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
SBOM generation and management give teams visibility into the components, licenses, and known vulnerabilities in the software they ship, so that security tooling has an accurate inventory to match against, regulatory and customer requirements for a component list can be met, and risk posture improves across the supply chain.
Core Features & Use Cases
- SBOM generation in multiple formats (CycloneDX, SPDX): Produce machine-readable SBOMs for compliance, security tooling, and audits.
- Attestation and signing: Sign SBOMs with Cosign and attach them to container images or releases as attestations, so consumers can verify who produced the SBOM and which exact artifact digest it describes.
- Storage & distribution: Store SBOMs in release assets and artifact repositories, and ingest them into Dependency-Track for ongoing vulnerability and license monitoring as new advisories are published.
- Tooling options: Choose among Syft, Trivy, or cdxgen to generate accurate SBOMs from a source tree (build-time dependencies) or from a built container image (what actually ships).
Quick Start
Generate a CycloneDX SBOM for the final build artifact (the image or package you actually release, not an intermediate build stage) in your CI pipeline, sign it, and attach it to the release assets.
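The following Python is an added example, not code from this skill or its author. It shows the three checkpoints a CI job would wrap around the standard syft, cosign and curl invocations (quoted in the module docstring): gate the generated CycloneDX document before publishing it, mirror the in-toto statement and DSSE envelope shape that `cosign attest --type cyclonedx` produces and that `cosign verify-attestation` prints, apply a deploy-time policy on the verified attestation, and build the `PUT /api/v1/bom` body Dependency-Track accepts. The image reference `registry.example.com/app`, its digest, the `ORG/REPO` identity regexp, and the SBOM contents are all constructed for illustration.

```python
"""SBOM pipeline helpers: gate a CycloneDX SBOM, mirror the cosign attestation
shape, check it at deploy time, and build the Dependency-Track upload body.
Added example, not part of the skill. All sample data below is constructed.

Commands the surrounding CI job runs (standard syft / cosign / curl usage;
ORG/REPO and $DTRACK_URL are placeholders to fill in):
  syft "$IMAGE@$DIGEST" -o cyclonedx-json > sbom.cdx.json
  cosign attest --yes --type cyclonedx --predicate sbom.cdx.json "$IMAGE@$DIGEST"
  cosign verify-attestation --type cyclonedx \
      --certificate-identity-regexp '^https://github.com/ORG/REPO/' \
      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
      "$IMAGE@$DIGEST" > attestation.dsse.json
  curl -X PUT "$DTRACK_URL/api/v1/bom" -H "X-Api-Key: $DTRACK_KEY" \
      -H 'Content-Type: application/json' -d @dtrack-body.json
"""
import base64
import hashlib
import json

IMAGE_REF = "registry.example.com/app"                        # hypothetical image
IMAGE_DIGEST = hashlib.sha256(b"constructed image manifest").hexdigest()
CYCLONEDX_PREDICATE = "https://cyclonedx.org/bom"            # cosign --type cyclonedx

# Constructed, abridged CycloneDX 1.5 document in the shape syft emits.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "container", "name": IMAGE_REF, "version": "1.4.2"}},
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},                  # no license data
        {"type": "library", "name": "vendored-parser", "version": "0.1",
         "licenses": [{"license": {"id": "MIT"}}]},          # no purl
    ],
}


def check_sbom(sbom):
    """Return problems that make the SBOM useless downstream; empty list means publish."""
    problems = []
    if sbom.get("bomFormat") != "CycloneDX":
        problems.append("not a CycloneDX document")
    if not sbom.get("metadata", {}).get("component"):
        problems.append("metadata.component missing: SBOM does not say what it describes")
    for comp in sbom.get("components", []):
        name = comp.get("name", "<unnamed>")
        if not comp.get("purl"):
            problems.append(f"{name}: no purl, vulnerability matching will miss it")
        if not comp.get("licenses"):
            problems.append(f"{name}: no license data")
    return problems


def intoto_statement(sbom, image_ref, digest):
    """in-toto statement as `cosign attest --type cyclonedx` wraps the SBOM."""
    return {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": CYCLONEDX_PREDICATE,
        "subject": [{"name": image_ref, "digest": {"sha256": digest}}],
        "predicate": sbom,
    }


def dsse_envelope(statement):
    """DSSE envelope layout printed by `cosign verify-attestation`.
    Signatures are left empty here: cosign produces and checks them."""
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []}


def accept_attestation(envelope, deployed_digest):
    """Policy applied AFTER cosign has verified the signature and identity: the
    attested subject must be the exact digest being deployed and the predicate
    must be a CycloneDX SBOM. Returns (ok, predicate-or-reason)."""
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        return False, "unexpected payloadType"
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("predicateType") != CYCLONEDX_PREDICATE:
        return False, f"predicateType {statement.get('predicateType')} is not a CycloneDX SBOM"
    digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if deployed_digest not in digests:
        return False, "attestation does not cover the deployed image digest"
    return True, statement["predicate"]


def dtrack_upload_body(sbom, project_name, project_version):
    """Body for Dependency-Track `PUT /api/v1/bom`: base64 BOM plus project coordinates."""
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": True,
        "bom": base64.b64encode(json.dumps(sbom).encode()).decode(),
    }


def decode_dtrack_body(body):
    """Inverse of dtrack_upload_body, used to confirm the upload carries the same BOM."""
    return json.loads(base64.b64decode(body["bom"]))


if __name__ == "__main__":
    for p in check_sbom(SAMPLE_SBOM):
        print("SBOM gate:", p)
    env = dsse_envelope(intoto_statement(SAMPLE_SBOM, IMAGE_REF, IMAGE_DIGEST))
    print("deploy of attested digest:", accept_attestation(env, IMAGE_DIGEST)[0])
    print("deploy of other digest:", accept_attestation(env, "0" * 64)[1])
```

The digest check in `accept_attestation` is the part most often skipped: `cosign verify-attestation` proves the signer's identity, but only matching the subject digest against the digest actually being pulled proves the SBOM describes this image rather than an earlier tag that shared the name. Run the gate on the SBOM before attesting, not after, so a document with missing purls never gets signed.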
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: let Claude install the skill automatically by pasting the following into Claude Code.
Please help me install this Skill: Name: sbom-generation Download link: https://github.com/marquesfelip/agents-and-skills/archive/main.zip#sbom-generation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.