benchmark

Benchmarks for SBOM generation tools

Run benchmarks for common open source SBOM generation tools on typical Python constructs like virtual environments.

Make sure all the tools are installed:

./install-all.sh

This requires a local Node installation for cdxgen. Then you can run the benchmarks:

$ ./run-all.sh

and inspect the results under sboms/.

Some generators only support reading from a requirements.txt file while some only support reading from a virtual environment. Syft supports scanning both sources but gives different results.

Name		Name	Last commit message	Last commit date
parent directory ..
sboms		sboms
README.md		README.md
install-all.sh		install-all.sh
pyproject.toml		pyproject.toml
requirements.in		requirements.in
requirements.txt		requirements.txt
run-all.sh		run-all.sh
run-cdxgen.sh		run-cdxgen.sh
run-cyclonedx-bom-reqs.sh		run-cyclonedx-bom-reqs.sh
run-cyclonedx-bom-venv.sh		run-cyclonedx-bom-venv.sh
run-syft-reqs.sh		run-syft-reqs.sh
run-syft-venv.sh		run-syft-venv.sh
run-trivy.sh		run-trivy.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

Benchmarks for SBOM generation tools

FilesExpand file tree

benchmark

Directory actions

More options

Directory actions

More options

Latest commit

History

benchmark

Folders and files

parent directory

README.md

Benchmarks for SBOM generation tools