This doc can be used to generate a SBOM manually with Syft.
Install the Syft binary.
Use the following command to generate a simple SBOM file form the repository:
syft .Alternative output variants can be found here.
Use the following command to generate a SBOM markdown file using the example.sbom.tmpl goTemplate template file:
SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true syft ghcr.io/telekom/sparrow:v0.5.0 -o template -t scripts/sbom/example.sbom.tmplSetting the env variable SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true will ensure to lookup licenses remotely. In this example the sparrow image in version v0.5.0 is scanned.