#sbom #tracking #artifact #graph #identity #identifier #build

bin+lib omnibor

Reproducible software identity and fine-grained build dependency tracking

5 releases (3 breaking)

0.5.1 Mar 7, 2024
0.5.0 Mar 7, 2024
0.4.0 Feb 22, 2024
0.3.0 Feb 20, 2024
0.2.0 Feb 6, 2024

#454 in Cryptography


174 downloads per month
Used in omnibor-cli

Apache-2.0

115KB
2K SLoC

omnibor Rust package

This crate implements the OmniBOR specification for software identity and fine-grained dependency tracking. This means it is intended to provide three things:

  • Artifact Identifiers: independently-reproducible identifiers for software artifacts.
  • Artifact Input Manifests: manifests which record all inputs used to produce a software artifact.
  • Artifact Dependency Graphs: graphs which represent all known dependencies, at the file level, for constructing a software artifact.

Important: The OmniBOR spec, and this Rust package, are still a work in progress.

This package defines two crates:

  • Library: The omnibor library, suitable for integrating OmniBOR into your own Rust projects.
  • Binary: The omnibor CLI, which provides convenient mechanisms for producing and operating with OmniBOR identifiers and manifests.

Using the Library

Run the following to add the library to your own crate.

$ cargo add omnibor

Using the Binary

Run the following:

$ cargo install --path omnibor --features="build-binary"

License

All of the OmniBOR Rust implementation is Apache-2.0 licensed.

Dependencies

~6–8.5MB
~173K SLoC