This gem assists in the generation of SBOM files for Rails projects that use both RubyGems and other dependency types, such as JavaScript packages.
Each SBOM generation goes through one or more phases:
- Generate the RubyGem dependency SBOM
- Generate other SBOMs (most commonly for NPM packages)
- Merge the previous SBOMs into a single artifact
Right now, the project supports SBOM generation for:
- RubyGems via GemReport
- NPM via CycloneDX NPM
- Custom SBOMs (useful for things you can't detect automatically)
- Debian DPKG (Ubuntu support is planned; only Debian is handled for now)
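As an added illustration of the merge phase (this is not the gem's own code or API; the SBOM documents, package names and versions below are constructed samples), the following Ruby script merges three minimal CycloneDX JSON documents, one each for RubyGems, NPM and a custom SBOM covering a Debian package, into a single artifact. Components are deduplicated by package URL (purl), so a component listed both in an auto-generated SBOM and in a hand-written custom one appears once, and a per-ecosystem count is derived from the purl type so the result can be sanity-checked against the expected inputs.

```ruby
require 'json'

# Constructed sample: a RubyGems SBOM as a tool like GemReport might emit it.
GEM_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
      {"type": "library", "name": "rails", "version": "7.1.3", "purl": "pkg:gem/rails@7.1.3"},
      {"type": "library", "name": "nokogiri", "version": "1.16.0", "purl": "pkg:gem/nokogiri@1.16.0"}
    ]
  }
JSON

# Constructed sample: an NPM SBOM as CycloneDX NPM might emit it.
NPM_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
      {"type": "library", "name": "react", "version": "18.2.0", "purl": "pkg:npm/react@18.2.0"},
      {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"}
    ]
  }
JSON

# Constructed sample: a custom SBOM for things not detected automatically.
# It deliberately repeats nokogiri to show deduplication during the merge.
CUSTOM_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
      {"type": "library", "name": "libxml2", "version": "2.9.14", "purl": "pkg:deb/debian/libxml2@2.9.14"},
      {"type": "library", "name": "nokogiri", "version": "1.16.0", "purl": "pkg:gem/nokogiri@1.16.0"}
    ]
  }
JSON

# Merge several CycloneDX JSON strings into one document.
# Components are keyed by purl (falling back to type/name/version when a purl
# is absent); the first occurrence wins, later duplicates are dropped.
def merge_cyclonedx(json_docs)
  merged = {
    "bomFormat" => "CycloneDX",
    "specVersion" => "1.4",
    "version" => 1,
    "components" => []
  }
  seen = {}
  json_docs.each do |raw|
    doc = JSON.parse(raw)
    raise ArgumentError, "not a CycloneDX document" unless doc["bomFormat"] == "CycloneDX"
    (doc["components"] || []).each do |component|
      key = component["purl"] || "#{component['type']}:#{component['name']}@#{component['version']}"
      next if seen[key]
      seen[key] = true
      merged["components"] << component
    end
  end
  merged
end

# Count components per ecosystem using the purl type ("pkg:gem/..." -> "gem").
# Useful as a quick check that every expected input made it into the merge.
def count_by_ecosystem(sbom)
  sbom["components"].each_with_object(Hash.new(0)) do |component, counts|
    purl = component["purl"] or next
    ecosystem = purl.sub("pkg:", "").split("/").first
    counts[ecosystem] += 1
  end
end

if __FILE__ == $0
  merged = merge_cyclonedx([GEM_SBOM, NPM_SBOM, CUSTOM_SBOM])
  puts JSON.pretty_generate(merged)
  puts count_by_ecosystem(merged).inspect # {"gem"=>2, "npm"=>2, "deb"=>1}
end
```

Keying on purl rather than on name alone matters: `nokogiri` the gem and a hypothetical npm package of the same name are different artifacts and must both survive the merge, while the same gem listed twice must collapse to one entry.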