Drubom - Drupal Bill of Materials
What is Drubom?
DruBOM, short for Drupal Bill of Materials, is a module designed specifically for Drupal installations. It builds on two Anchore tools: Syft, which catalogs the packages present in the site and produces the software bill of materials (SBOM), and Grype, which matches that SBOM against vulnerability databases to report known vulnerabilities in the listed components. The resulting SBOM covers PHP (Composer) dependencies as well as libraries from other ecosystems, such as JavaScript (npm) dependencies.
What is an SBOM and why it's crucial
A Software Bill of Materials (SBOM) is a list of all the components of a software application. For each component it records information such as its name, its version, and the dependencies it has on other components.
An SBOM aims to provide transparency and accountability in the software supply chain, helping organizations identify and address potential security vulnerabilities and other risks. By understanding precisely what software components are included in an application, organizations can take steps to ensure that they are up-to-date, properly licensed, and free from known security vulnerabilities.
This is particularly important in today's digital landscape, where cyber threats are evolving rapidly, and software applications are increasingly complex and interconnected. In short, an SBOM is a critical tool for managing software risk and ensuring the security and integrity of your organization's digital assets.
How it works
Using it is simple: it can be run from Drush or from the admin console. You need this module installed together with the Syft and/or Grype binaries, and those binaries must be executable by the PHP process (for example, on its PATH). Syft alone is enough to generate the SBOM; Grype is needed to check the SBOM for known vulnerabilities.
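The pipeline the module automates, written out as a standalone PHP script. This is an added example and not Drubom's own code or API: it assumes `syft` and `grype` are on the PATH of the PHP process, that Grype can reach or has already cached its vulnerability database, and that the first script argument is the project root (the directory holding `composer.lock`, which on Composer-managed sites is one level above the web docroot). The function names (`runTool`, `generateSbom`, `scanSbom`, `summarise`) are the example's own.

```php
<?php
// Added example, not part of the Drubom module: generate a CycloneDX SBOM of a
// Drupal project with Syft, scan it with Grype, and summarise what needs action.
declare(strict_types=1);

/**
 * Run a tool with an argv array (no shell involved, so the site path is never
 * interpolated into a command line). Returns stdout, throws on non-zero exit.
 * stderr goes to a temp file to avoid a pipe-buffer deadlock on chatty tools.
 */
function runTool(array $argv): string
{
    $errFile = tempnam(sys_get_temp_dir(), 'sbom-err-');
    $spec = [1 => ['pipe', 'w'], 2 => ['file', $errFile, 'w']];
    $proc = proc_open($argv, $spec, $pipes);   // array form: PHP >= 7.4
    if (!is_resource($proc)) {
        throw new RuntimeException('Unable to start ' . $argv[0]);
    }
    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $status = proc_close($proc);
    $stderr = trim((string) file_get_contents($errFile));
    unlink($errFile);
    if ($status !== 0) {
        throw new RuntimeException(sprintf('%s exited with %d: %s', $argv[0], $status, $stderr));
    }
    return $stdout;
}

/** Catalog the project with Syft, write the CycloneDX JSON SBOM, return its components. */
function generateSbom(string $projectRoot, string $outFile): array
{
    $json = runTool(['syft', '-q', '-o', 'cyclonedx-json', 'dir:' . $projectRoot]);
    file_put_contents($outFile, $json);
    $sbom = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    return $sbom['components'] ?? [];
}

/** Feed the SBOM (not the filesystem) to Grype and return its vulnerability matches. */
function scanSbom(string $sbomFile): array
{
    $json = runTool(['grype', '-q', '-o', 'json', 'sbom:' . $sbomFile]);
    $report = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    return $report['matches'] ?? [];
}

/** Count matches per severity and list the ones at or above the action threshold. */
function summarise(array $matches, array $threshold = ['Critical', 'High']): array
{
    $counts = [];
    $actionable = [];
    foreach ($matches as $m) {
        $sev = $m['vulnerability']['severity'] ?? 'Unknown';
        $counts[$sev] = ($counts[$sev] ?? 0) + 1;
        if (in_array($sev, $threshold, true)) {
            $fixes = $m['vulnerability']['fix']['versions'] ?? [];
            $actionable[] = sprintf(
                '%s %s@%s (fixed in: %s)',
                $m['vulnerability']['id'],
                $m['artifact']['name'],
                $m['artifact']['version'],
                implode(', ', $fixes) ?: 'no fix available'
            );
        }
    }
    return ['counts' => $counts, 'actionable' => $actionable];
}

// Usage: php sbom-example.php /var/www/drupal-project
$projectRoot = $argv[1] ?? getcwd();
$sbomFile = sys_get_temp_dir() . '/drupal-sbom.cdx.json';

$components = generateSbom($projectRoot, $sbomFile);
printf("%d components recorded in %s\n", count($components), $sbomFile);

$summary = summarise(scanSbom($sbomFile));
foreach ($summary['counts'] as $sev => $n) {
    printf("%-10s %d\n", $sev, $n);
}
foreach ($summary['actionable'] as $line) {
    echo $line, "\n";
}
// Non-zero exit when Critical/High findings exist, so a CI job can fail on them.
exit($summary['actionable'] === [] ? 0 : 1);
```

Two points worth keeping in mind when wiring this into a site. First, scan the SBOM file rather than re-walking the filesystem with Grype so the artifact you archive is exactly the one that was scanned; the SBOM can then be re-scanned later as new advisories are published without touching the server. Second, Grype downloads its database on first use, so on a locked-down host run it once with network access (or ship a pre-fetched database) before relying on the scan from a cron job or a Drush command.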

You can find more detailed instructions on how to use it in the README file of the source code.
The module is currently in active development, and changes may happen rapidly. You are encouraged to contribute in whatever way you prefer: filing issues, testing, or proposing new features.
Project information
- Project categories: Security
- Created by paolomainardi
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.