Skip to content

creating-ruby-sbom.md

Latest commit

 

History

History
142 lines (108 loc) · 4.07 KB

creating-ruby-sbom.md

File metadata and controls

142 lines (108 loc) · 4.07 KB

Creating SBOMs from Ruby Projects

Introduction

This tutorial illustrates how to produce an SBOM from Ruby projects using the Cyclonedx-Ruby-Gem CLI.

Requirements

  • Ruby
  • Gem Dependency Manager

Installation

Through Gem

Install CycloneDX-Ruby with the command:

gem install cyclonedx-ruby

Through Source

Clone, build and install the CycloneDX-Ruby repository through the following commands:

git clone https://github.com/CycloneDX/cyclonedx-ruby-gem.git
gem build cyclonedx-ruby.gemspec
gem install cyclonedx-ruby-<version-number>.gem

Verify installation with the command:

cyclonedx-ruby -h

You should see the resultant output:

Usage: cyclonedx-ruby [options]
    -v, --[no-]verbose               Run verbosely
    -p, --path path                  (Required) Path to Ruby project directory
    -o, --output bom_file_path       (Optional) Path to output the bom.xml file to
    -f, --format bom_output_format   (Optional) Output format for bom. Currently support xml (default) and json.
    -h, --help                       Show help message

Usage

Navigate to a Ruby project.

Run the command:

cyclonedx-ruby -p .

A "bom.xml" file should appear in the same directory.

Alternatively, the -p and -o flags can be used to select a project folder path, and output the SBOM to a custom file path, respectively.

Notes

  • Certain metadata components of the produced SBOM may be missing, such as SBOM type, Package type, Name and Version.

  • The version built from source (1.2.0) appears to be more up to date than the version available on RubyGem (1.1.0), with features like bom_output_format missing from the latter.

Example SBOM

This section illustrates CycloneDX JSON and XML SBOMs of the Cocoapods codebase, created by CycloneDX-Ruby-Gem.

<title>Pretty JSON Display</title> <style> #json-container { height: 400px; /* Set a fixed height */ overflow-y: auto; /* Enable vertical scrolling */ border: 2px solid #ccc; /* Optional: add a border for visibility */ padding: 10px; } #xml-container { height: 400px; /* Set a fixed height */ overflow-y: auto; /* Enable vertical scrolling */ border: 2px solid #ccc; /* Optional: add a border for visibility */ padding: 10px; } pre { margin: 0; white-space: pre-wrap; word-wrap: break-word; } </style>

Cocoapods (json) 


    

    

        Cocoapods (xml)
    

    

        

    

    <script>
        function display_json(url, elementid){
        fetch(url)
            .then(response => response.json())
            .then(data => {
                document.getElementById(elementid).textContent = JSON.stringify(data, null, 2);
            })
            .catch(error => console.error('Error fetching JSON:', error));
        }
        function display_xml(url, elementid){
        fetch(url)
            .then(response => response.text())
            .then(data => {
                document.getElementById(elementid).textContent = data;
            })
            .catch(error => console.error('Error fetching JSON:', error));
        }
    display_json('./cocoapods-ruby.cdx.json', 'json-display');
    display_xml('./cocoapods-ruby.cdx.xml', 'xml-display');
    </script>



References