feat(lab4): SBOM generation and comparison report#4

Open

ironveils wants to merge 2 commits into main from feature/lab4

Conversation

@ironveils (Owner)

Pull Request

Goal

Generate an SBOM of the Juice Shop image with Syft, scan it with Grype, compare against Trivy's all-in-one approach, and produce a signed-ready CycloneDX SBOM.

Changes

  • submissions/lab4.md (SBOM stats, Grype severity breakdown, top-10 CVEs, fix-available rate, Trivy comparison)
  • labs/lab4/juice-shop.cdx.json (CycloneDX SBOM)
  • labs/lab4/juice-shop.spdx.json (SPDX SBOM)

Testing

  • Syft generated 1846 components in CycloneDX SBOM
  • Grype found 105 vulnerabilities
  • Trivy found 109 vulnerabilities

Checklist

  • Title is clear (feat(labN): <topic>)
  • No secrets/large temp files committed
  • Submission file at submissions/labN.md exists
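The submission described above reports a Grype severity breakdown, top CVEs, a fix-available rate and a Trivy comparison. The script below is an added example of how those numbers can be derived from the two scanners' JSON output; it is not code from this PR or from the Syft, Grype or Trivy projects. It assumes the document shapes produced by `grype -o json` (a `matches` list whose entries carry `vulnerability.id`, `vulnerability.severity` and `vulnerability.fix.state`) and `trivy image -f json` (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `Severity` and `FixedVersion`). The two sample documents embedded in the block are constructed, and their CVE identifiers are placeholders, not real advisories.

```python
"""Summarise a Grype scan and compare it with a Trivy scan of the same image.

Added example, not part of the PR. The JSON shapes are assumptions based on
`grype -o json` and `trivy image -f json`; the sample documents below are
constructed and the CVE ids are placeholders.
"""
import json
from collections import Counter

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown"]

# Constructed stand-in for `grype -o json` output (placeholder CVE ids).
GRYPE_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                           "fix": {"state": "fixed", "versions": ["1.2.3"]}},
         "artifact": {"name": "pkg-a", "version": "1.2.0"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "High",
                           "fix": {"state": "not-fixed", "versions": []}},
         "artifact": {"name": "pkg-b", "version": "0.9.1"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "High",
                           "fix": {"state": "fixed", "versions": ["2.0.0"]}},
         "artifact": {"name": "pkg-c", "version": "1.0.0"}},
        {"vulnerability": {"id": "CVE-0000-0004", "severity": "Medium",
                           "fix": {"state": "unknown", "versions": []}},
         "artifact": {"name": "pkg-d", "version": "3.1.0"}},
    ]
})

# Constructed stand-in for `trivy image -f json` output (placeholder CVE ids).
TRIVY_JSON = json.dumps({
    "Results": [
        {"Target": "image-placeholder", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "pkg-a",
             "Severity": "CRITICAL", "FixedVersion": "1.2.3"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "pkg-c",
             "Severity": "HIGH", "FixedVersion": "2.0.0"},
            {"VulnerabilityID": "CVE-0000-0005", "PkgName": "pkg-e",
             "Severity": "LOW", "FixedVersion": ""},
        ]},
        {"Target": "Node.js", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "pkg-b",
             "Severity": "HIGH"},
        ]},
    ]
})


def grype_findings(doc):
    """Return (cve_id, severity, fix_available) per Grype match."""
    out = []
    for m in doc.get("matches", []):
        v = m["vulnerability"]
        fix_state = v.get("fix", {}).get("state", "unknown")
        out.append((v["id"], v.get("severity", "Unknown"), fix_state == "fixed"))
    return out


def trivy_findings(doc):
    """Return (cve_id, severity, fix_available) per Trivy finding.

    Trivy reports severities in upper case; normalise to Grype's spelling
    so both breakdowns use the same keys. A non-empty FixedVersion means
    a fix is available.
    """
    out = []
    for r in doc.get("Results", []):
        for v in r.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN").capitalize()
            out.append((v["VulnerabilityID"], sev, bool(v.get("FixedVersion"))))
    return out


def severity_breakdown(findings):
    counts = Counter(sev for _, sev, _ in findings)
    return {s: counts[s] for s in SEVERITY_ORDER if counts[s]}


def fix_available_rate(findings):
    if not findings:
        return 0.0
    return round(sum(1 for _, _, fixed in findings if fixed) / len(findings), 3)


def top_cves(findings, n=10):
    """Highest severity first, then by id for a stable ordering."""
    rank = {s: i for i, s in enumerate(SEVERITY_ORDER)}
    ordered = sorted(findings, key=lambda f: (rank.get(f[1], len(rank)), f[0]))
    return [cve for cve, _, _ in ordered[:n]]


def compare(grype, trivy):
    """Which ids both scanners agree on, and which only one reports."""
    g = {cve for cve, _, _ in grype}
    t = {cve for cve, _, _ in trivy}
    return {"both": sorted(g & t), "grype_only": sorted(g - t),
            "trivy_only": sorted(t - g)}


def report(grype_text, trivy_text):
    g = grype_findings(json.loads(grype_text))
    t = trivy_findings(json.loads(trivy_text))
    return {
        "grype_total": len(g), "trivy_total": len(t),
        "grype_severity": severity_breakdown(g),
        "grype_fix_rate": fix_available_rate(g),
        "trivy_fix_rate": fix_available_rate(t),
        "top_cves": top_cves(g),
        "overlap": compare(g, t),
    }


if __name__ == "__main__":
    print(json.dumps(report(GRYPE_JSON, TRIVY_JSON), indent=2))
```

Run against real output by replacing the two constructed strings with the contents of the Grype and Trivy JSON files. The `overlap` section is the part worth reading closely: ids that only one scanner reports usually come down to differing vulnerability databases or package-matching rules rather than one tool being wrong, so the comparison is a prompt to investigate, not a verdict.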
