Commit 4dc1388

added blog post
Signed-off-by: san-zrl <san@zurich.ibm.com>
1 parent 0f0de46 commit 4dc1388

File tree

1 file changed, +1 -1 lines changed

PQCA-blog-post.md

Lines changed: 1 addition & 1 deletion
@@ -4,5 +4,5 @@ The PQCA Tooling Group is excited to announce the availablity of
44

55
CBOMkit-action is a github action that can be embedded in CICD pipelines of github repositories to generate [Cyclone DX 1.6 Cryptography Bill of Materials](https://cyclonedx.org/docs/1.6/json) (CBOM) objects. A CBOM object is an extension of the Software Bill of Materials (SBOM) that describes cryptographic assets and their dependencies. The overall design goal of the CBOM is to provide a standardized, machine-readable format for collecting and representing cryptographic assets such as algorithms, protocols, certificates, and related cryptographic material (keys, tokens, secrets, or passwords). CBOM also models dependencies between cryptographic assets and enables policy-based compliance checks and automated reasoning about cryptographic usage.
66

7-
CBOMkit-action currently analyzes Java and Python code. It treats a github repository as a collection of one or more project modules. A project module is a part of the repository that can be built and sometimes also published independently of other project modules. CBOMkit-action identifies all project modules, scans the corresponding source code and produces a CBOM object per project module containing the module's crypto assets and findings. The CBOM object is stored in a json file with the name `cbom_<dotted_path_of_project_module>.json`. The path of the project module is the path to the corresponding build file (pom.xml, build.gradle or build.gradle.kts for java; pyproject.toml, setup.cfg or setup.py for python). Based on the project module CBOMs CBOMkit-action also generates a consolidated CBOM file that contains all crypto findings for the entire repository. All CBOM objects are uploaded as json files in a github workflow artifact (`CBOM.zip`).
7+
CBOMkit-action currently analyzes Java and Python code. It treats a github repository as a collection of one or more project modules. A project module is a part of the repository that can be built and sometimes also published independently of other project modules. CBOMkit-action identifies all project modules, scans the corresponding source code and produces a CBOM object per project module containing the module's crypto assets and findings. The CBOM object is stored in a json file with the name `cbom_<dotted_path_of_project_module>.json`. The path of the project module is the path to the corresponding build file (pom.xml, build.gradle or build.gradle.kts for java; pyproject.toml, setup.cfg or setup.py for python). Based on the project module CBOMs CBOMkit-action also generates a consolidated CBOM file `cbom.json` that contains all crypto findings for the entire repository. All CBOM objects are uploaded as json files in a github workflow artifact (`CBOM.zip`).
88
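Review bot: the added sentence names the consolidated file `cbom.json`, but the per-module naming rule stated two sentences earlier, `cbom_<dotted_path_of_project_module>.json`, leaves unclear what file a project module whose build file sits at the repository root produces; if its dotted path is empty, readers may expect that module's file to also be `cbom.json`, which would collide with the consolidated file. Please state the root-module filename explicitly alongside the new `cbom.json` mention so the two cannot be confused. While editing this paragraph, also fix `availablity` in the unchanged line 4 shown in the hunk header, and use the standard spellings `GitHub`, `JSON`, `Java`, `Python` and `CycloneDX` (the link target is cyclonedx.org) instead of `github`, `json`, `java`, `python` and `Cyclone DX`.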
