From 8d7080b4207acc155ccd43bcda3815896fd5f84f Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Fri, 17 Jan 2025 23:09:03 +0000 Subject: [PATCH] Docs Signed-off-by: Prabhu Subramanian --- docs/LESSON2.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/LESSON2.md b/docs/LESSON2.md index 7d93c0aee..80c7c3169 100644 --- a/docs/LESSON2.md +++ b/docs/LESSON2.md @@ -2,7 +2,10 @@ ## Learning Objective -In this lesson, we will learn about generating an SBOM with reachable evidence for Dependency-Track frontend, a JavaScript application. +In this lesson, we will learn about generating an SBOM with reachable evidence for two projects. + +1. Dependency-Track frontend - a JavaScript application. +2. bionomia - a Ruby application. ## Pre-requisites @@ -27,7 +30,7 @@ Clone git clone https://github.com/DependencyTrack/frontend ``` -Create SBOM with the research profile +Create SBOM with the research profile for JavaScript application. ```shell cd frontend @@ -37,3 +40,14 @@ cdxgen -o bom.json -t js --profile research . -p ``` The resulting BOM file would include components with the occurrence and call stack evidence. + +### bionomia - Ruby + +In case of the Ruby application, usage of the container image `ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11` is recommended. + +```shell +git clone https://github.com/bionomia/bionomia +docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 -r /app -o /app/bom.json -t ruby --profile research +``` + +cdxgen would automatically detect the version of Ruby required for this project, install, and generate an SBOM with the occurrence and call stack evidence.
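Review bot: In the first hunk of docs/LESSON2.md (@@ -2,7 +2,10 @@), the objective now promises a Ruby walkthrough, but the "## Pre-requisites" section visible as trailing context is not modified by any of the three hunks in this patch. The new Ruby steps need a container runtime and the ability to pull `ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11`, so if the prerequisites do not already list docker, add it there; otherwise a reader only finds out at the last step of the lesson.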
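Review bot: Style point in the second hunk (@@ -27,7 +30,7 @@): the new lead-in "Create SBOM with the research profile for JavaScript application." is missing an article and ends in a period, while the neighbouring lead-in "Clone" has none. Suggest "Create an SBOM with the research profile for the JavaScript application" and matching the punctuation of the other lead-ins in the file.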
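Review bot: In the third hunk (@@ -37,3 +40,14 @@), the new shell block runs `docker run` straight after `git clone https://github.com/bionomia/bionomia` with no `cd bionomia`, so `$(pwd)` is still the parent directory: that whole directory is mounted read-write at `/app`, `-r /app` scans it instead of the cloned repository, and `bom.json` lands outside the project. The JavaScript section does `cd frontend` before invoking cdxgen; add the equivalent line here and quote the mount as `-v "$(pwd)":/app:rw` so paths with spaces work. Two further points on the same command: `-v /tmp:/tmp` shares the host's `/tmp` with the container and the text gives no reason for it, so either explain why it is needed or drop it; and `v11` is a tag that can move, so a note on pinning the image by digest would make the lesson reproducible.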