Part of the FOSSer CLI Tool Series to generate full documentation of the SBOM

This part is responsible to take a sbom in the fosser tool format and fill it for every package with as much metadata as it can, as well as filtering out unimportant libraries

• Support for Nuget, Npm and Go package managers
• Fetching MetaData like summaries, licenses, author, release date etc.
• Outputs a file with fully mapped libs that can be inserted into a foss document

• it is planned to support more languages like c++ and generally docker

After building the Go Application it can be used like the following

fosser_otsgenerator [Path/To/SBOM] [Path/To/Config] [Path/For/Output]

The Tool outputs a foss.yml file with the following structure:

type BuildInfo struct {
	Name      string
	Languages []string
	Modules   []Module
}

type Module struct {
	Name     string
	Source   string
	Version  string
	Hash     string //ID
	Parents  []string
	TopLevel bool
	Info     RepoInfo
}

type RepoInfo struct {
	Author      string
	Description string
	License     string
	Release     time.Time
}

Name The from the source extracted library Name
Source A generated link to the official package site of that library
Version The exact Version of the package that is used
Hash Hash value of the package
Parents A list of all Parent Dependencies. This list is needed for the foss document TopLevel Important for npm and Docker

Author The official creator from the library
Description A short description for what the library does and what its purpous is
Licenses The License this library uses
Release The Date this library with the specified version was released

foss_toolconverter
 ┣ cmd
 ┃ ┗ rootCmd.go
 ┣ internal
 ┃ ┣ models
 ┃ ┃ ┗ dependency.go
 ┃ ┣ manager.go
 ┃ ┣ packageJson.go
 ┃ ┗ syft_convert.go
 ┣ .gitignore
 ┣ go.mod
 ┣ go.sum
 ┗ main.go