github.com/dmdhrumilmistry/defect-detect
Version: 0.0.0-20250208102234-a20fcf1ec462
Repository: https://github.com/dmdhrumilmistry/defect-detect.git
Documentation: pkg.go.dev

# Packages

No description provided by the author

# README

defect-detect

Detect vulnerable components using SBOMs

Prerequisites

  • A GitHub fine-grained token with read access to the "Contents" repository permission (used to pull a repository's SBOM)
  • Go installed on the machine
  • Docker or another OCI container runtime

Installation

  • Clone the repo and install the tool

    git clone https://github.com/dmdhrumilmistry/defect-detect
    cd defect-detect
    go install -v ./...
    
  • Create the config file

    cp .env.sample .env
    export GITHUB_TOKEN="your-github-token" # can also be set in the config file; keep it out of version control
    
  • Start the container environment (MongoDB)

    docker compose up -d
    
  • Start the backend (listens on http://localhost:8080)

    defect-detect
    

Usage

Import an SBOM and analyze its components

  • Import an SBOM into the DB

    • From a file

      curl -X POST -F "[email protected]" http://localhost:8080/api/v1/sbom
      # the multipart field name and file path ("<field>=@<file>") were mangled by
      # email-address obfuscation in this copy of the README
      
    • Import from a GitHub repo (the token from the prerequisites is used for this)

      curl -X POST -H "Content-Type: application/json" -d '{"owner":"dmdhrumilmistry", "repo_name":"pyhtools"}' http://localhost:8080/api/v1/sbom/githubImport
      
    • Example Output

      {"id":"676f0bac3da126bf929f246c","message":"SBOM uploaded successfully"}
      
  • Create Project

    curl -X POST http://localhost:8080/api/v1/project -H "Content-Type: application/json" -d '{"name":"pyhtools", "description":"python hacking tools project", "sboms_to_retain": 2, "links": ["https://github.com/dmdhrumilmistry/pyhtools"], "sboms": ["676f0bac3da126bf929f246c"]}'
    
  • Analyze components

    curl -X POST "http://localhost:8080/api/v1/component?sbom_id=676f0bac3da126bf929f246c"
    
    # Output
    # {"ids":["676f0c4ff986a31a1ab2ecf5", "...snip..."],"message":"Components created successfully from Sbom"}
    
  • Fetch Vulnerable Components

    curl "http://localhost:8080/api/v1/component/vulns?sbom_ids=676f0bac3da126bf929f246c"
    

    The response is paginated.

    Supported query params: sbom_ids, component_names, component_versions, types, names, versions, purls. Multiple values are supported, separated by ",".

    Query param          Description
    sbom_ids             ID of an SBOM uploaded to the application
    component_names      Name of the SBOM's metadata component: the repository for a GitHub import (com.github.dmdhrumilmistry/pyhtools) or the metadata component of an uploaded SBOM (pyhtools)
    component_versions   Version of the SBOM's metadata component: the ref for a GitHub import (main) or the metadata component version of an uploaded SBOM (latest/v1.1.1)
    types                Type of the SBOM component, such as package, framework, etc.
    names                Name of the SBOM component; usually the dependency name
    versions             Version of the SBOM component
    purls                Package URL (purl) of the SBOM component