Skip to content

The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.

License

Notifications You must be signed in to change notification settings

scanoss/sbom-workbench

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitHub release (latest by date) License REUSE status test_workflow

The SBOM Workbench is a graphical user interface to scan and audit source code using SCANOSS API.

Auditing your source code for license compliance has never been easier. Simply scan your source code directory to find and identify open source components. Generate your SPDX-Lite software bill of materials (SBOM) with the press of a button.

Find prebuilt binaries for all platforms over at: Software Transparency Foundation

Prerequisites

  • Node.js v14+
  • NPM (Node Packages Manager)

We strongly recommend handling your node versions using nvm

Install

npm install --legacy-peer-deps

Please note that you should include the --legacy-peer-deps parameter in the installation command. This is because @mui/styles is not compatible with React 18. You can find more information about this at https://mui.com/system/styles/basics/.

Troubleshooting

SBOM Workbench uses node-gyp to compile SQLite3 native module. This module uses "node-pre-gyp" to download the prebuilt binary for your platform instead you need build from source. In case it does not exist for your platform, node-gyp going to build it.

Depending on your operating system, you will need prepare the correct environment to run node-gyp: See https://github.com/nodejs/node-gyp#installation

Starting Development

Start the app in the dev environment:

npm start

For live reloading you can use npm run start --watch to run the app using Electronmon. Warning: this tool has a high memory consumption.

Packaging for Production

To package apps for the local platform:

npm run package

Multi-language (i18n)

SBOM Workbench is multi-language enabled. To contribute a new language please see our internationalization documentation.

Workbench Configuration

SBOM Workbench support advanced settings. All the configurations needs to be included in the global config file ~/.scanoss/sbom-workbench-settings.json

Scanner parameters

"SCANNER_CONCURRENCY_LIMIT": "<integer>" Number of threads to use while scanning (optional - default 5)

"SCANNER_POST_SIZE": "<intenger>" Number of kilobytes to limit the post to while scanning (optional - default 16)

"SCANNER_TIMEOUT": "<integer>" Timeout (in seconds) for API communication (optional - default 300)

Proxy settings

You might need to specify proxy settings depending on how your network is configured

"PROXY": "<proxy_ip_address>:<proxy_port>"

If your network is using a proxy with SSL interception you can include your certificate in the configuration

"CA_CERT": "<certificate_path>"

You can disable any SSL errors, to do so you can change this option to true

"IGNORE_CERT_ERRORS": true

Local Cryptography Detection

Local cryptography can be detected by SBOM-Workbench when an API key is set.

A default set of rules is defined for local cryptography detection. However, a custom set of rules can be defined at the root of the project to be scanned with the following name scanoss-crypto-rules.json. A sample file can be found here.

Example structure of the file:

[
   {
    "algorithm": "md5",
    "strength": "128",
    "keywords": [
      "md5_file",
      "md5",
      "md5crypt",
      "aprcrypt",
      "md5_encrypt",
      "md5_block_data_order",
      "ossl_md5_sha1_",
      "MD5_Init"
    ]
  }
]

The SBOM Workbench includes support for a collaborative workspace, a feature designed to enhance teamwork. View more details here.

Contributing

SBOM Workbench is an open source project, and we love to receive contributions from our community. There are many ways to contribute. For more information see the Contributing Guide and Code of Conduct.

Docs

This project was made using Electron React Boilerplate

See docs and guides here