Lineaje Learning Center
  • About Lineaje
  • Lineaje Product Offering
  • Getting started
    • Create an account
      • Configure Azure AD for sso
      • Configure Okta for sso
    • Onboarding workflow
  • SBOM360, OSM
    • Generate an SBOM
      • Source Code Management (SCM) As Source
        • Public Code Repositories
        • Private Code Repositories
          • Configure GitHub credentials
          • Configure Bitbucket credentials
          • Configure Gitlab credentials
          • Configure Git credentials
          • Configure Azure Repo
        • Frequently Asked Questions
      • Container Image As Source
        • Public Container Image
        • Private Container Image
          • Configure AWS Elastic Container Registry
          • Configure Google Container Registry
          • Configure Docker Hub
          • Configure Generic OCI Registry
          • Configure Azure Container Registry
        • Frequently Asked Questions
      • Existing SBOM As Source
        • EO 14028 checks
      • Manifest file As Source
      • Android Package Kit (APK)
      • Using Lineaje CLI
    • Explore Your SBOM
      • Info
      • Attestation
      • IRL
      • Dependencies
      • Provenance
      • Vulnerabilities
      • Mitigations
      • Security Posture
      • Code Quality
      • Suppliers & Licenses
      • Findings
    • Manage Your SBOM
    • Dashboard
    • Search
    • Policies and Gates
    • Organization and User Management
      • Organization example
    • Lineaje AI
    • AI Plan and AI Remediate
      • JIRA Integration
  • SBOM360 Hub
    • My Products
    • My SBOMS
    • Find & Review SBOMs
    • Manage Your Repository
    • Request and Share SBOMS
    • Settings
    • User Roles
  • Lineaje CLI
    • System Configuration
    • Toolset Configuration
    • CLI Installation
    • CLI Usage
    • Troubleshooting CLI issues
    • Support matrix
  • Integration with CICD pipeline
    • Pre-Requisites
    • Generate Project from source code
      • Project creation using Lineaje cloud
  • Abbreviations and Descriptions
  • Release Notes
    • Unified Scanner for AWS
Powered by GitBook
On this page
  1. SBOM360, OSM
  2. Generate an SBOM

Manifest file As Source

A manifest file is a configuration file that build tools use to build a project. A manifest file typically carries various build configurations as well as information about dependencies.

Enteprises do not expose the source code. The scm tool that is used for source code management is accessible within the enterprise boundary. So the persona who wants to generate SBOM using Lineaje is often stuck with getting right permissions to provide Lineaje cloud access to the source code. To simplify the SBOM creation, Lineaje supports uploading of the manifest file alone. Doing so will kick start the SBOM generation. All private and third party dependencies referred in the manifest file will remain unresolved as Lineaje does not have access. On the other hand all open source dependencies show up.

The below table lists down the supported manifest files for different build tools. The manifest file typically is found in the root of the source code. Depending on the type of the project, there could be one or more manifest files (root + sub directories).

1

Java / Maven

pom.xml

2

Python / PIP

requirements.txt

3

Rust / Cargo

Cargo.lock

4

Golang / Go Modules

go.mod

5

Yarn

yarn.lock

6

JavaScript / NPM

package-lock.json

PreviousEO 14028 checksNextAndroid Package Kit (APK)

Last updated 1 year ago