Before moving on, please consider giving us a GitHub star ⭐️. Thank you!
BitBom Minefield is a tool that uses roaring-Bitmaps to graph SBOMs FAST.
Caching 10,000 SBOMs packages transitive dependents in 30 seconds.
- Quickstart Guide
- Example
- To Start Using Minefield
- How Minefield Works
- Custom Query Commands
- Visualization of a Query
- Documentation
- Blog
- Star History
- Acknowledgements
View Minefield demo on asciinema
- Ingest some data:
minefield ingest sbom <sbom_file or sbom_dir>
- Cache the data:
minefield cache
- Run a query:
minefield query <query_string>
Redis must be running at localhost:6379
. If not, please use make docker-up
to start Redis.
Redis must be running at localhost:6379
, if not please use make docker-up
to start Redis.
-
Start the api server
minefield start-service
-
Ingest the
test
SBOM directory:minefield ingest sbom testdata
-
Cache the data:
minefield cache
-
Run the leaderboard custom with "dependents PACKAGE":
- This command generates a ranked list of packages, ordered by the number of other packages that depend on them.
minefield leaderboard custom "dependents PACKAGE"
-
Run a query on the top value from the leaderboard:
- This command queries the dependents for a specific package, in this case
dep2
.
- This command queries the dependents for a specific package, in this case
-
Run queries to see the shared dependencies of
lib-A
anddep1
, andlib-A
andlib-B
:- These queries output the intersection of two queries, finding package dependencies shared between each pair.
minefield query "dependencies PACKAGE pkg:generic/[email protected] and dependencies PACKAGE pkg:generic/[email protected]"
-
Run queries with the visualizer:
minefield query "dependents PACKAGE pkg:generic/[email protected] --visualize"
docker pull ghcr.io/bitbomdev/minefield:latest
docker run -it ghcr.io/bitbomdev/minefield:latest
git clone https://github.com/bitbomdev/minefield.git
cd minefield
go build -o minefield main.go
./minefield
The design decisions and architecture of Minefield can be found here.
For comprehensive guides and detailed documentation, please visit our Docs.
Stay updated with the latest news and insights by visiting our Blog.