#sbom #tracking #artifact #graph #identity #identifier #build

bin+lib omnibor

Reproducible software identity and fine-grained build dependency tracking

5 releases (3 breaking)

0.5.1 Mar 7, 2024
0.5.0 Mar 7, 2024
0.4.0 Feb 22, 2024
0.3.0 Feb 20, 2024
0.2.0 Feb 6, 2024

#466 in Development tools

Download history 48/week @ 2024-02-14 197/week @ 2024-02-21 45/week @ 2024-02-28 301/week @ 2024-03-06 87/week @ 2024-03-13 13/week @ 2024-03-27 23/week @ 2024-04-03

134 downloads per month
Used in omnibor-cli

Apache-2.0

115KB
2K SLoC

omnibor Rust package

This crate implements the OmniBOR specification for software identity and fine-grained dependency tracking. This means it is intended to provide three things:

  • Artifact Identifiers: independently-reproducible identifiers for software artifacts.
  • Artifact Input Manifests: manifests which record all inputs used to produce a software artifact.
  • Artifact Dependency Graphs: graphs which represent all known dependencies, at the file level, for constructing a software artifact.
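An added example (not code from the omnibor crate or the OmniBOR project) showing what "independently-reproducible" means for Artifact Identifiers: the ID is recomputed with standard tools and compared against a recorded value. It assumes the gitoid construction from the OmniBOR specification, which this page does not spell out; the function names `artifact_id` and `verify_artifact` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: recompute an OmniBOR Artifact ID with standard tools only.
# Assumption (OmniBOR spec, not stated on this page): the ID is a gitoid of
# the form gitoid:blob:sha256:<hex>, where <hex> is the SHA-256 of the
# header "blob <size>\0" followed by the artifact's bytes.

artifact_id() {
    # $1: path to the artifact. Only the content is hashed, so the file
    # name, location and timestamps do not affect the identifier.
    [ -f "$1" ] || { echo "artifact_id: not a file: $1" >&2; return 2; }
    size=$(wc -c < "$1" | tr -d '[:space:]')
    digest=$( { printf 'blob %s\0' "$size"; cat "$1"; } | sha256sum | cut -d' ' -f1 )
    printf 'gitoid:blob:sha256:%s\n' "$digest"
}

verify_artifact() {
    # $1: path, $2: identifier recorded at build time.
    # Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
    actual=$(artifact_id "$1") || return 2
    [ "$actual" = "$2" ]
}

demo() {
    # Constructed sample input: the same bytes under two names, plus a
    # copy that differs by a single space.
    dir=$(mktemp -d) || return 1
    printf 'fn main() {}\n' > "$dir/a.rs"
    cp "$dir/a.rs" "$dir/renamed.rs"
    printf 'fn main() { }\n' > "$dir/modified.rs"

    recorded=$(artifact_id "$dir/a.rs")
    echo "recorded: $recorded"
    verify_artifact "$dir/renamed.rs" "$recorded" && echo "renamed copy: match"
    verify_artifact "$dir/modified.rs" "$recorded" || echo "modified copy: mismatch"
    rm -rf "$dir"
}

demo
```
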

Important: The OmniBOR spec, and this Rust package, are still a work in progress.

This package defines two crates:

  • Library: The omnibor library, suitable for integrating OmniBOR into your own Rust projects.
  • Binary: The omnibor CLI, which provides convenient mechanisms for producing and operating with OmniBOR identifiers and manifests.

Using the Library

Run the following to add the library to your own crate.

$ cargo add omnibor

Using the Binary

Run the following:

$ cargo install --path omnibor --features="build-binary"

License

All of the OmniBOR Rust implementation is Apache-2.0 licensed.

Dependencies

~6–8.5MB
~174K SLoC