Introducing
Sunshine, a first-of-its-kind visualization tool for CycloneDX files that can facilitate the adoption of CycloneDX by making SBOMs easily readable and more understandable by a broader audience.
Agenda
1. INTRODUCTION:1.1 What is an SBOM and why it’s important
1.2 What is the OWASP CycloneDX project
1.3 Brief introduction to the CycloneDX JSON/XML format
1.4 The missing piece: an actionable visualization tool for CycloneDX files
2. OWASP CYCLONEDX SUNSHINE: MAIN BENEFITS AND MAIN FEATURES2.1 Main benefits: visualize a CycloneDX file in an interactive and human-friendly way
2.2 Main feature #1: sunburst chart with dependencies, licenses and vulnerabilities (with live demo)
2.3 Main feature #2: table with dependencies, licenses and vulnerabilities (with live demo)
3. OWASP CYCLONEDX SUNSHINE: ADVANCED FEATURES3.1 Advanced feature #1: chart refocus to see only dependencies and vulnerabilities of a single component (with live demo)
3.2 Advanced feature #2: automatic recovery of missing bom-refs (with live demo)
3.3 Advanced feature #3: automatic recovery of broken dependency references (with live demo)
3.4 Advanced feature #4: circular dependencies detection (with live demo)
4. OWASP CYCLONEDX SUNSHINE: HOW TO USE AND A BIT OF IMPLEMENTATION DETAILS4.1 CLI version: pure python with no additional requirements (with live demo)
4.2 Web-based version: also the same python script, but it runs entirely inside the browser! (with live demo)
5. Q&ANote: A longer Q&A session will be held in the Project Demo Lab, room 133-134 - check the schedule for details!GitHub repo:
https://github.com/CycloneDX/Sunshine/Sunshine announcement:
https://www.linkedin.com/posts/owasp-cyclonedx_github-cyclonedxsunshine-sunshine-sbom-activity-7277371020246663168-5WNx
