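#!/bin/bash
# Export a repository's SBOM (SPDX document from the GitHub Dependency Graph
# API) to a flat CSV file.
#
# Usage: sbom-to-csv [OWNER] [REPO]
#   OWNER defaults to "octodemo", REPO to "demo-vulnerabilities-ghas" (the
#   values that were previously hard-coded).
# Requires: gh (authenticated with access to the repository) and jq.
# Writes sbom.json (raw API response) and sbom.csv into the current directory.
set -euo pipefail

# Repository coordinates, overridable from the command line.
owner="${1:-octodemo}"
repo="${2:-demo-vulnerabilities-ghas}"
# GitHub API URL for the Dependency Graph SBOM endpoint.
url="https://api.github.com/repos/$owner/$repo/dependency-graph/sbom"

# Fetch the SBOM with the GitHub CLI (https://cli.github.com/manual/gh_api).
# The URL is quoted (it is a single argument) and the exit status is checked:
# an unauthorised or failed request must not leave an empty or stale
# sbom.json that jq would then silently turn into a misleading sbom.csv.
if ! gh api \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  "$url" > sbom.json; then
  printf 'error: failed to fetch SBOM for %s/%s\n' "$owner" "$repo" >&2
  exit 1
fi

# Flatten each entry of .sbom.packages to one CSV row.
# Missing fields are emitted as the string "null". filesAnalyzed is a boolean,
# so it is tested for null explicitly: with `//` a literal false would also be
# replaced by "null", which misreports packages whose files were not analysed.
# Every externalRefs entry appends three more columns (referenceCategory,
# referenceLocator, referenceType), so row width varies per package.
jq -r '.sbom.packages[]
  | [ .SPDXID // "null",
      .name // "null",
      .versionInfo // "null",
      .downloadLocation // "null",
      (.filesAnalyzed | if . == null then "null" else . end),
      .supplier // "null",
      (.externalRefs[]?
        | .referenceCategory // "null",
          .referenceLocator // "null",
          .referenceType // "null") ]
  | @csv' sbom.json > sbom.csv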