Commit 5971542

Revise SBOM caching and logging options in README
1 parent 9f98a56 commit 5971542

1 file changed, +4 -5 lines changed


README.md

Lines changed: 4 additions & 5 deletions
@@ -9,17 +9,16 @@ Search collected SBOMs by PURL, cache them for offline analysis, sync malware se
99
- Enumerate orgs in an Enterprise and repos in each org
1010
- Fetch SBOM per repo with concurrency + optional delay and retry/throttle handling
1111
- Search for packages by exact PURL, semver/range, or wildcard (trailing `/*` after the package name path segment)
12-
- Cache SBOMs in a single directory (JSON per repository) with offline re-use
13-
- SBOMs are now written incrementally as each repository is fetched (no need to wait for the entire run)
12+
- Cache SBOMs in a directory (one file per repository)
13+
- SBOMs are written incrementally to allow for stopping and resuming
1414
- Sync malware security advisories from the GitHub Advisory Database
1515
- Version-aware matching of SBOM packages vs. malware advisories
1616
- Optional SARIF 2.1.0 output per repository for malware matches with optional Code Scanning upload
1717
- Works with GitHub.com, GitHub Enterprise Server, GitHub Enterprise Managed Users and GitHub Enterprise Cloud with Data Residency (custom base URL)
1818
- Reason tracing: every search match shows which query matched; every malware match shows which advisory triggered it
1919
- Interactive REPL for ad‑hoc PURL queries (history, graceful Ctrl+C handling)
20-
- Optional progress bar while fetching SBOMs (suppresses normal per‑org logging)
21-
- Option to suppress secondary rate limit warnings (prevents breaking the progress bar display)
22-
- Quiet mode to suppress non-error console output while retaining progress bar, human readable results and machine-readable JSON
20+
- Optional progress bar while fetching SBOMs
21+
- Option to suppress secondary rate limit warnings, and full quiet mode to suppress non-error console output while retaining progress bar, human readable results and machine-readable JSON
2322
- Intelligent skip logic: if the repository was pushed to, but the default branch head commit date isn't newer than the prior SBOM retrieval, the existing cached SBOM is reused
2423
- Adaptive backoff: each secondary rate limit hit increases the SBOM fetch delay by 10% to reduce future throttling
2524
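Review bot: the rewritten cache bullet (line 12+) drops two details the old text carried and the hunk header still promises: that each cached SBOM is a JSON file and that the cache is meant for offline re-use ("cache them for offline analysis"). Readers who want to post-process the cache with other tooling need the format stated; consider "Cache SBOMs in a directory (one JSON file per repository) for offline re-use". The merged bullet on line 21+ also runs two distinct options into one sentence and loses the reason the originals gave for each (suppressing per-org logging so the progress bar is readable, and suppressing secondary rate limit warnings so they do not break the bar); keep them as separate bullets or restore the parentheticals, since the adaptive backoff bullet below still refers to secondary rate limit hits without that context. Minor style point: "human readable" should be "human-readable" to match "machine-readable" in the same line.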

0 commit comments