# SBOM Scanner

## Introduction

SBOM Scanner is a powerful tool designed to help organizations manage the security of their software supply chain by scanning Software Bill of Materials (SBOMs) for open-source vulnerabilities. It leverages the world's largest vulnerability database to provide accurate and up-to-date information on potential security issues, along with recommended fixes.

## Key Features

* **SBOM Vulnerability Scanning**: SBOM Scanner scans SBOMs to identify open-source vulnerabilities.
* **Largest Vulnerability Database**: Utilizes the world's largest vulnerability database for comprehensive coverage.
* **Detailed Reports**: Provides detailed reports on identified vulnerabilities, including severity levels and recommended fixes.
* **Customizable Scans**: Allows users to customize scans based on their specific requirements.

## Getting Started

To start using SBOM Scanner, follow these simple steps:

1. **Installation**: Install SBOM Scanner on your system or integrate it into your CI/CD pipeline.

   * [Download for macOS](https://digitalassets.sec1.io/sec1-sbom-scanner-macos)
   * [Download for Linux](https://digitalassets.sec1.io/sec1-sbom-scanner-linux)
   * [Download for Windows](https://digitalassets.sec1.io/sec1-sbom-scanner-win.exe)

   ```bash
   curl --compressed https://digitalassets.sec1.io/sec1-sbom-scanner-macos -o sec1-sbom-scanner
   chmod +x ./sec1-sbom-scanner
   mv ./sec1-sbom-scanner /usr/local/bin/
   ```
2. **Configuration**: Configure SBOM Scanner to scan your SBOMs and connect to the vulnerability database. [Config help](https://github.com/sec0ne/user-docs/blob/main/docs/5-sbom-scanner/commands/config.md)
3. **Scanning**: Initiate scans of your SBOMs to identify vulnerabilities. [Scan help](https://github.com/sec0ne/user-docs/blob/main/docs/5-sbom-scanner/commands/scan.md)
4. **Review Reports**: Review the generated reports to understand the identified vulnerabilities and their recommended fixes.
5. **Remediation**: Take necessary actions to address the identified vulnerabilities based on the provided recommendations.
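The install step above places an unpinned binary straight into `/usr/local/bin`; a CI job should run the same steps with an integrity check in between. The helper below is an added example, not part of the Sec1 documentation: it picks the README's download URL for the host OS and installs only if the file's SHA-256 matches a digest the team pinned after verifying it out of band (the function names, the `install_scanner` arguments and the pinned digest are assumptions, not documented Sec1 interfaces).

```bash
#!/bin/sh
# Added example: CI installer helper for sec1-sbom-scanner.
# Function names and the pinned-digest convention are assumptions,
# not part of the Sec1 docs; the URLs are the ones from the README.
set -eu

# Map a `uname -s` value to the README's download URL.
# Prints nothing and returns 1 for an unsupported platform.
scanner_url_for_os() {
  case "$1" in
    Darwin) echo "https://digitalassets.sec1.io/sec1-sbom-scanner-macos" ;;
    Linux)  echo "https://digitalassets.sec1.io/sec1-sbom-scanner-linux" ;;
    MINGW*|MSYS*|CYGWIN*)
            echo "https://digitalassets.sec1.io/sec1-sbom-scanner-win.exe" ;;
    *)      return 1 ;;
  esac
}

# Return 0 when the file's SHA-256 (lowercase hex) equals the expected digest.
# Uses sha256sum where present (Linux) and falls back to shasum (macOS).
sha256_matches() {
  file="$1"; expected="$2"
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | cut -d' ' -f1)
  else
    actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
  fi
  [ "$actual" = "$expected" ]
}

# install_scanner <pinned-sha256> [destination]
# Downloads the OS-specific binary to a temp file and moves it into place
# only after the digest check passes; anything else leaves the system untouched.
install_scanner() {
  expected_sha256="$1"
  dest="${2:-/usr/local/bin/sec1-sbom-scanner}"
  url=$(scanner_url_for_os "$(uname -s)") || { echo "unsupported OS" >&2; return 1; }
  tmp=$(mktemp)
  curl --compressed --fail --silent --show-error "$url" -o "$tmp"
  if ! sha256_matches "$tmp" "$expected_sha256"; then
    rm -f "$tmp"
    echo "checksum mismatch for $url, refusing to install" >&2
    return 1
  fi
  chmod +x "$tmp"
  mv "$tmp" "$dest"
}
```

Call it as `install_scanner "<pinned sha256 from your release record>"` in the pipeline; the digest must come from your own verified copy, not from the same download the job is checking.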

## Detailed Command Information

For more detailed information about any command, append `--help` (e.g. `sec1-sbom-scanner config --help`). This feature provides in-depth guidance on each command's usage and options.

**Note:** The help on the docs site is the same as the `--help` in the CLI.

### [`sec1-sbom-scanner config`](https://github.com/sec0ne/user-docs/blob/main/docs/5-sbom-scanner/commands/config.md)

Manages the configuration of the Sec1 CLI. This command is the starting point for customizing the tool for your specific project requirements.

### [`sec1-sbom-scanner scan`](https://github.com/sec0ne/user-docs/blob/main/docs/5-sbom-scanner/commands/scan.md)

Conducts a comprehensive vulnerability scan of the SBOM.
