sbomnix
parlay
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sbomnix
-
Wolfi: A community Linux OS designed for the container and cloud-native era
I'm not sure what you mean by "non-trivial" but here's a simple discord bot I wrote in python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 linux via GitHub actions: https://github.com/starcraft66/attention-attention
There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.
1: https://github.com/tiiuae/sbomnix
parlay
What are some alternatives?
cyclonedx-core-java - CycloneDX SBOM Model and Utils for Creating and Validating BOMs
sbom-operator - Catalogue all images of a Kubernetes cluster to multiple targets with Syft
attention-attention - Attention! Attention!
bomber - Scans Software Bill of Materials (SBOMs) for security vulnerabilities
os - Main package repository for production Wolfi images
kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
images - Public Chainguard Images
grype - A vulnerability scanner for container images and filesystems
pipeline - A cloud-native Pipeline resource.
vulnerabilities - :rocket: A vulnerabilities database for fully-automated audits