This repository contains Software Bills of Materials (SBOMs) for OpenSSF critical projects. It serves as a central store for these SBOMs, providing a single location from which they can be fetched.
The SBOMs in this repository are generated with the bomfactory tool, which automates downloading SBOMs for many repositories at once. It was written because there was no convenient way to obtain SBOMs in bulk, even though they are essential for software testing and security analysis (for example, checking whether a known-vulnerable dependency version is present in a project).
There is currently no straightforward way to obtain SBOMs for critical projects. This repository aims to fill that gap by providing a collection of SBOMs for OpenSSF critical projects.
To generate SBOMs for your own projects, you can use the bomfactory tool. For instructions on how to use bomfactory, please refer to its documentation.
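The page says these SBOMs exist to support security analysis but does not show what that looks like. The following is an added example, not code from this repository or from bomfactory: it reads SBOM documents, normalizes them into a component inventory, and answers the question a practitioner most often brings to such a collection, "which SBOMs contain package X (at version Y)?". This page does not state which SBOM format the stored files use, so the reader accepts both common JSON formats (SPDX 2.x and CycloneDX 1.x); the two sample documents embedded below are constructed for illustration and are not real project SBOMs.

```python
"""Added example: build a component inventory from SBOM JSON documents and
query it for a package name/version. Not part of this repository or of
bomfactory; the SBOM samples below are constructed, not real."""
import json
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

# Constructed SPDX 2.3 JSON document (assumed shape; illustration only).
SPDX_SAMPLE = """
{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-a",
 "packages": [
   {"SPDXID": "SPDXRef-Package-example-a", "name": "example-a", "versionInfo": "1.0.0"},
   {"SPDXID": "SPDXRef-Package-lodash", "name": "lodash", "versionInfo": "4.17.20",
    "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                      "referenceLocator": "pkg:npm/lodash@4.17.20"}]}]}
"""

# Constructed CycloneDX 1.5 JSON document with one nested component.
CDX_SAMPLE = """
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
   {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
   {"type": "library", "name": "express", "version": "4.18.2", "purl": "pkg:npm/express@4.18.2",
    "components": [{"type": "library", "name": "qs", "version": "6.11.0", "purl": "pkg:npm/qs@6.11.0"}]}]}
"""

# Hypothetical file names standing in for files of an SBOM collection.
SAMPLE_SBOMS = {"example-a.spdx.json": SPDX_SAMPLE, "example-b.cdx.json": CDX_SAMPLE}


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    purl: Optional[str]


def detect_format(doc: dict) -> str:
    """Return 'spdx' or 'cyclonedx' based on the document's top-level keys."""
    if "spdxVersion" in doc and "packages" in doc:
        return "spdx"
    if doc.get("bomFormat") == "CycloneDX" and "components" in doc:
        return "cyclonedx"
    raise ValueError("not a recognised SPDX or CycloneDX JSON document")


def _spdx_components(doc: dict) -> Iterator[Component]:
    for pkg in doc.get("packages", []):
        purl = None
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                purl = ref.get("referenceLocator")
                break
        yield Component(pkg.get("name", ""), pkg.get("versionInfo", "NOASSERTION"), purl)


def _cyclonedx_components(doc: dict) -> Iterator[Component]:
    # CycloneDX components may nest; walk them iteratively.
    stack = list(doc.get("components", []))
    while stack:
        comp = stack.pop()
        yield Component(comp.get("name", ""), comp.get("version", ""), comp.get("purl"))
        stack.extend(comp.get("components", []))


def components(doc: dict) -> List[Component]:
    """Normalized, de-duplicated component list for one SBOM document."""
    fmt = detect_format(doc)
    found = _spdx_components(doc) if fmt == "spdx" else _cyclonedx_components(doc)
    return sorted(set(found), key=lambda c: (c.name, c.version))


def build_inventory(sboms: Dict[str, str]) -> Dict[str, List[Component]]:
    """Map each SBOM identifier (e.g. file name) to its component list."""
    return {ident: components(json.loads(text)) for ident, text in sboms.items()}


def sboms_with(inventory: Dict[str, List[Component]], name: str,
               version: Optional[str] = None) -> List[str]:
    """SBOM identifiers whose components include `name` (and `version`, if given)."""
    hits = []
    for ident, comps in inventory.items():
        if any(c.name == name and (version is None or c.version == version) for c in comps):
            hits.append(ident)
    return sorted(hits)


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_SBOMS)
    for ident, comps in inv.items():
        print(ident, [f"{c.name}@{c.version}" for c in comps])
    # Typical triage question when an advisory names a specific version:
    print("lodash 4.17.20 in:", sboms_with(inv, "lodash", "4.17.20"))
```

To use this against a real collection, replace `SAMPLE_SBOMS` with the file names and contents of the SBOM files on disk; anything that is not SPDX or CycloneDX JSON raises `ValueError` from `detect_format` rather than being silently counted as empty.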