use-sbom 0.0.1

SBOM and software supply-chain metadata primitives for RustUse
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

# use-sbom

Software bill of materials and software supply-chain security primitives for `RustUse`.

## Experimental

`use-sbom` is experimental while the `use-security` workspace remains below `0.3.0`. Expect small API adjustments during the first release wave.

## Example

```rust
use use_sbom::{SbomComponent, SbomComponentName, SbomComponentVersion};

let component = SbomComponent::new(
    SbomComponentName::new("example")?,
    SbomComponentVersion::new("1.0.0")?,
);

assert_eq!(component.name().as_str(), "example");
# Ok::<(), use_sbom::SbomTextError>(())
```

## Scope

- SBOM format, component, package URL, digest, license expression, relationship, and supply-chain risk metadata.
- Small validation helpers for non-empty SBOM text values.

## Non-goals

- Generating full SBOM documents.
- Full `CycloneDX` or `SPDX` parsing.
- Contacting package registries or advisory databases.

## License

Licensed under either of the following, at your option:

- Apache License, Version 2.0
- MIT license