Skip to content

Instantly share code, notes, and snippets.

@todd-dsm

todd-dsm/sbom.json

Last active February 19, 2026 23:54
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save todd-dsm/888623964b64ce2287e95c7e8c625108 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save todd-dsm/888623964b64ce2287e95c7e8c625108 to your computer and use it in GitHub Desktop.
Download ZIP
sbom sketch - humble beginnings
Raw
sbom.json
{
"Container": {
"Name": "$containerName",
"UID": "13ed01be-f035-41bb-9307-76fd06ddad9c",
"HASH": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"provenance": {
"source": "https://github.com/tukaani-project/xz",
"version": "1.0.0",
"proximity": "2"
}
}
}
@todd-dsm
Copy link
Author

todd-dsm commented Feb 19, 2026
edited
Loading

Description

This allows for a point from which to start: (assumes local and centralized resources)

Name: $containerName

UID: unique identifier (UUIDv4); immutable.

  • stored locally and shared back to the central service.
  • can only be replaced by a UID of higher proximity

HASH: ephemeral:

  • for local audit, tracing of every new container build
  • registries already produce ths

Provenance:

  • source: the source of the code
  • version
  • proximity: degrees from provenance/source

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment