SBOMgensbomgen

Creating SBOMs From Binary Files Using Sufactant

Introduction

This tutorial illustrates how to create an SBOM from binary files (PE, ELF, MSI) using the Surfactant CLI.

Requirements

Installation

Install Surfactant by running:

pip install surfactant

Usage

Configuration File

Surfactant requires a configuration file to generate an SBOM. A basic configuration file can be created via the command:

surfactant create-config input-folder-path -o output-configuration-file-name.json

This results in a basic configuration file akin to that shown below:

[
    {
        "extractPaths": ["input-folder-path"],
        "installPrefix": "/"
    }
]

This file should be modified to point to the location of selected binaries within that you wish to include in your SBOM, for example:

[
    {
        "extractPaths": ["input-folder-path/subpath-to-binary-folder-1", "input-folder-path/subpath-to-binary-folder-2"],
        "installPrefix": "/"
    }
]

Generating an SBOM

With a configuration file created, an SBOM can be created via the command:

surfactant generate <configuration-file-pathname> <output-file-pathname> --output_format <output-format>

Where output-format can be one of:

An SBOM of your designated format will be created.

Notes

Example SBOM

This section illustrates CycloneDX and Cytrics JSON SBOMs, one regular, one extensive, created from the Systemd binary, created via Surfactant.

Pretty JSON Display

Helics (cyclonedx-json) 


    

    

        Helics (cytrics-json)
    

    

        

    

    




References





      
      

        This site is open source. Improve this page.