sbom

SBOM Generation and License Resolution

Generate CycloneDX SBOMs, resolve missing licenses, and export to CSV for compliance review.

Overview

The OpenShell SBOM tooling produces CycloneDX JSON SBOMs using Syft, resolves missing or hash-based licenses by querying public registries (crates.io, npm, PyPI), and exports the results to CSV for stakeholder review.

SBOMs are release artifacts only -- they are generated on demand and not committed to the repository. Output lands in deploy/sbom/output/ (gitignored).
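As an added example (not the OpenShell tooling's own code), the Python below walks a CycloneDX JSON SBOM of the kind Syft emits, flags components whose license is missing or hash-based, routes each one to the matching public registry by its purl type, and writes the result as CSV. The registry fetch is injected so the code runs offline, the sample SBOM and registry replies are constructed, and the assumption that hash-based licenses appear as `LicenseRef-<hex digest>` is not confirmed by the page.

```python
import csv, io, json, re
from typing import Callable, Optional
# Assumption: Syft records unidentified license text as "LicenseRef-<hex digest>".
HASH_LICENSE = re.compile(r"^LicenseRef-[0-9a-f]{16,}$", re.I)
REGISTRIES = {  # registry JSON endpoint per purl type, and the key path to its license field
    "cargo": ("https://crates.io/api/v1/crates/{name}", ("crate", "license")),
    "npm": ("https://registry.npmjs.org/{name}", ("license",)),
    "pypi": ("https://pypi.org/pypi/{name}/json", ("info", "license")),
}
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    # constructed sample components, not real Syft output
    {"name": "serde", "version": "1.0.0", "purl": "pkg:cargo/serde@1.0.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "left-pad", "version": "1.3.0", "purl": "pkg:npm/left-pad@1.3.0"},
    {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0",
     "licenses": [{"license": {"name": "LicenseRef-0123456789abcdef0123"}}]}]})

def declared_license(comp: dict) -> Optional[str]:
    """License Syft recorded (SPDX id, name or expression), or None if absent."""
    for entry in comp.get("licenses", []):
        lic = entry.get("license", {})
        found = entry.get("expression") or lic.get("id") or lic.get("name")
        if found:
            return found
    return None

def resolve_licenses(sbom_json: str, fetch: Callable[[str], dict]) -> list[dict]:
    """fetch(url) returns parsed registry JSON; injected so the lookup can run offline."""
    rows = []
    for comp in json.loads(sbom_json).get("components", []):
        resolved, source = declared_license(comp), "sbom"
        purl = comp.get("purl", "")
        ptype, _, rest = purl.removeprefix("pkg:").partition("/")  # npm, left-pad@1.3.0
        missing = resolved is None or bool(HASH_LICENSE.match(resolved))
        if missing and ptype in REGISTRIES:
            url_tmpl, path = REGISTRIES[ptype]
            data = fetch(url_tmpl.format(name=rest.split("@")[0]))  # namespaces kept as-is
            for key in path:  # walk e.g. data["info"]["license"]; a missing key yields {}
                data = data.get(key, {}) if isinstance(data, dict) else {}
            resolved, source = (data if isinstance(data, str) else None), ptype
        rows.append({"name": comp["name"], "version": comp.get("version", ""), "purl": purl,
                     "license": resolved or "UNRESOLVED", "source": source})
    return rows

def to_csv(rows: list[dict]) -> str:
    buf = io.StringIO()  # the CSV handed to reviewers; one row per component
    writer = csv.DictWriter(buf, fieldnames=["name", "version", "purl", "license", "source"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Components the registry cannot answer for are written as UNRESOLVED with their purl so a reviewer can chase them by hand.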

Prerequisites

  • mise install has been run (installs Syft and other tools)
  • The repository is checked out at the root

Workflow 1: Full SBOM Generation (One Command)

sbom — nvidia/openshell