Manifest File as Source
A manifest file is a configuration file that build tools use to build a project. A manifest file typically carries various build configurations as well as information about dependencies.
Enterprises do not expose their source code. The SCM tool used for source code management is accessible only within the enterprise boundary, so the person who wants to generate an SBOM using Lineaje is often stuck obtaining the right permissions to give Lineaje cloud access to the source code. To simplify SBOM creation, Lineaje supports uploading the manifest file alone, which kick-starts SBOM generation. All private and third-party dependencies referenced in the manifest file will remain unresolved because Lineaje does not have access to them. All open source dependencies, on the other hand, show up.
The table below lists the supported manifest files for different build tools. The manifest file is typically found in the root of the source code. Depending on the type of project, there could be one or more manifest files (root + subdirectories).
| # | Language / Build tool | Manifest file |
|---|---|---|
| 1 | Java / Maven | pom.xml |
| 2 | Python / PIP | requirements.txt |
| 3 | Rust / Cargo | Cargo.lock |
| 4 | Golang / Go Modules | go.mod |
| 5 | Yarn | yarn.lock |
| 6 | JavaScript / NPM | package-lock.json |
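Because a project can carry manifests in the root and in subdirectories, the following added example (not Lineaje code) walks a source tree and lists every supported manifest named in the table, so none is missed before upload. The skipped directory names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Manifest names taken from the table above, mapped to their build tool.
SUPPORTED = {
    "pom.xml": "Java / Maven",
    "requirements.txt": "Python / PIP",
    "Cargo.lock": "Rust / Cargo",
    "go.mod": "Golang / Go Modules",
    "yarn.lock": "Yarn",
    "package-lock.json": "JavaScript / NPM",
}

# Assumption: directories that hold fetched dependencies or build output,
# whose manifests describe third-party code rather than this project.
SKIP_DIRS = {".git", "node_modules", "vendor", "target", ".venv", "venv"}


def find_manifests(root):
    """Return sorted (relative_path, build_tool) pairs for supported manifests."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk never descends into skipped directories.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if name in SUPPORTED:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                found.append((rel.replace(os.sep, "/"), SUPPORTED[name]))
    return sorted(found)


def build_sample_tree(root):
    """Create a constructed multi-module layout for the demonstration."""
    for rel in ("pom.xml", "services/api/pom.xml", "web/package-lock.json",
                "web/node_modules/leftpad/package-lock.json", "tools/go.mod",
                "vendor/example.com/lib/go.mod", "README.md"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_manifests(root)


if __name__ == "__main__":
    for path, tool in demo():
        print(f"{tool:22} {path}")
```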