Commit be0ff80

Update 'docs/reference-manual/native-image/guides/use-sbom-support.md' guide
1 parent ae45ccd commit be0ff80

3 files changed

+13
-16
lines changed

docs/reference-manual/native-image/InspectTool.md

Lines changed: 2 additions & 2 deletions
@@ -8,9 +8,9 @@ redirect_from: /reference-manual/native-image/inspect/
88

99
# Native Image Inspect Tool
1010

11-
> The Native Image Inspect Tool is deprecated and will be removed in a future release. To extract embedded SBOMs, use:
11+
> **The Native Image Inspect Tool is deprecated and will be removed in a future release**. To extract embedded SBOMs, use:
1212
> ```bash
13-
> $JAVA_HOME/bin/native-image-configure extract-sbom --image-path=<path>
13+
> $JAVA_HOME/bin/native-image-configure extract-sbom --image-path=<path_to_binary>
1414
> ```
1515
1616
The Native Image Inspect Tool extracts embedded Software Bill of Materials (SBOM) from native executables. The functionality for extracting class-level metadata is no longer supported.
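
Review bot: The deprecation note on new line 11 gives the replacement command but no link to where `extract-sbom` is documented. The other two files in this commit carry a "Native Image Configure Tool" section, and this page still receives traffic through its `redirect_from`, so link the note to that section. Minor style point on the same line: the period after `release**` falls outside the bold span; either move it inside or bold only the key phrase.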

docs/reference-manual/native-image/guides/use-sbom-support.md

Lines changed: 6 additions & 6 deletions
@@ -54,7 +54,7 @@ For the demo application, you will use the `jwebserver` tool, and package it as
5454

5555
There are two possible ways to extract the compressed SBOM contents into a human-readable format:
5656
- using [Syft](https://github.com/anchore/syft)
57-
- using the [Native Image Inspect Tool](../InspectTool.md)
57+
- using the [Native Image Configure Tool](#native-image-configure-tool)
5858

5959
### Syft
6060

@@ -68,14 +68,14 @@ syft jwebserver
6868
```
6969
It lists all of the Java libraries included in it.
7070

71-
### Native Image Inspect Tool
71+
### Native Image Configure Tool
7272

73-
GraalVM Native Image provides the [Inspect Tool](../InspectTool.md) to retrieve an SBOM embedded in a native executable.
74-
The Inspect Tool is a viable alternative if you prefer not to install `syft`.
73+
GraalVM Native Image provides the `native-image-configure` tool to retrieve an SBOM embedded in a native executable.
74+
The Configure Tool is a viable alternative if you prefer not to install `syft`.
7575

76-
Run the following command to read the SBOM contents using the Inspect Tool:
76+
Run the following command to read the SBOM contents using the Configure Tool:
7777
```bash
78-
native-image-inspect --sbom jwebserver
78+
$JAVA_HOME/bin/native-image-configure extract-sbom --image-path=<path_to_binary>
7979
```
8080

8181
To take it further, you can submit the SBOM to any available vulnerability scanner, and check if the recorded libraries have known security vulnerabilities.
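
Review bot: New line 78 swaps the concrete binary name for the placeholder `<path_to_binary>`, so the step is no longer copy-pasteable in a guide that builds a `jwebserver` executable. The removed command (`native-image-inspect --sbom jwebserver`) and the Syft step above (`syft jwebserver`) both name it. Suggest `$JAVA_HOME/bin/native-image-configure extract-sbom --image-path=jwebserver` here and keeping the placeholder form for the reference pages.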

docs/security/SBOM.md

Lines changed: 5 additions & 8 deletions
@@ -23,18 +23,15 @@ The SBOM feature can be disabled with `--enable-sbom=false`.
2323

2424
## Extracting SBOM Contents
2525

26-
After embedding the compressed SBOM into the executable, the [Native Image Inspect Tool](../reference-manual/native-image/InspectTool.md) is able to extract the compressed SBOM using the `--sbom` parameter accessible through `$JAVA_HOME/bin/native-image-inspect --sbom <path_to_binary>` from both executables and shared libraries.
27-
It outputs the SBOM in the following format:
28-
2926
After embedding the compressed SBOM into the image, there are two possible ways to extract the SBOM contents:
30-
- using the [Native Image Inspect Tool](../reference-manual/native-image/InspectTool.md)
27+
- using the [Native Image Configure Tool](#native-image-configure-tool)
3128
- using [Syft](https://github.com/anchore/syft){:target="_blank"}
3229

3330
### Native Image Configure Tool
3431

35-
The Native Image Inspect Tool is able to extract the compressed SBOM using the `extract-sbom` command from executables and shared libraries.
32+
The Native Image Configure Tool can extract the compressed SBOM using the `extract-sbom` command from executables and shared libraries.
3633
```bash
37-
native-image-inspect --sbom <path_to_binary>
34+
$JAVA_HOME/bin/native-image-configure extract-sbom --image-path=<path_to_binary>
3835
```
3936

4037
It outputs the contents in the JSON format:
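
Review bot: With old lines 26-30 removed, this section no longer mentions `native-image-inspect --sbom` at all, so readers whose build or scanning scripts still call it get no pointer to the replacement from this page. A one-line note under new line 32 saying that `native-image-inspect --sbom` is deprecated in favour of `native-image-configure extract-sbom` would cover the migration case.
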
@@ -124,9 +121,9 @@ It also integrates with GitHub Actions, GitLab, and Jenkins Pipelines.
124121

125122
Another popular command-line scanner is `grype`, part of the [Anchore software supply chain management platform](https://anchore.com/){:target="_blank"}.
126123
With `grype`, you can check whether the libraries listed in your SBOMs have known vulnerabilities documented in Anchore's database.
127-
The output of the `native-image-inspect` tool can be fed directly into `grype` to scan for vulnerable libraries using the following command:
124+
The output of the `native-image-configure` tool can be fed directly into `grype` to scan for vulnerable libraries using the following command:
128125
```bash
129-
native-image-inspect --sbom <path_to_binary> | grype
126+
native-image-configure extract-sbom --image-path=<path_to_binary> | grype
130127
```
131128
It produces the following output:
132129
```shell
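
Review bot: New line 126 calls `native-image-configure` without the `$JAVA_HOME/bin/` prefix that the same file uses on new line 34, so the example only works when that directory is on `PATH`; use one form in both places. Since the command is a pipe into `grype`, the pipeline's exit status is `grype`'s, and a failing `extract-sbom` step is not surfaced on its own; worth a sentence recommending `set -o pipefail` when this runs in CI.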
