Lab4 submission: Basanov Maxim #4

Open
scruffyscarf wants to merge 1 commit into main from feature/lab4

@scruffyscarf

Goal

Generate Software Bills of Materials (SBOMs) for OWASP Juice Shop using Syft and Trivy, perform comprehensive Software Composition Analysis with Grype and Trivy, then compare the toolchain capabilities.

Changes

  • Added labs/submission4.md
  • Added labs/lab4/analysis/sbom-analysis.txt
  • Added labs/lab4/analysis/vulnerability-analysis.txt
  • Added labs/lab4/comparison/accuracy-analysis.txt
  • Added labs/lab4/comparison/common-packages.txt
  • Added labs/lab4/comparison/grype-cves.txt
  • Added labs/lab4/comparison/syft-only.txt
  • Added labs/lab4/comparison/syft-packages.txt
  • Added labs/lab4/comparison/trivy-cves.txt
  • Added labs/lab4/comparison/trivy-only.txt
  • Added labs/lab4/comparison/trivy-packages.txt
  • Added labs/lab4/syft/grype-vuln-results.json
  • Added labs/lab4/syft/grype-vuln-table.txt
  • Added labs/lab4/syft/juice-shop-licenses.txt
  • Added labs/lab4/syft/juice-shop-syft-native.json
  • Added labs/lab4/syft/juice-shop-syft-table.txt
  • Added labs/lab4/trivy/juice-shop-trivy-detailed.json
  • Added labs/lab4/trivy/juice-shop-trivy-table.txt
  • Added labs/lab4/trivy/trivy-licenses.json
  • Added labs/lab4/trivy/trivy-secrets.txt
  • Added labs/lab4/trivy/trivy-vuln-detailed.json

Testing

No testing

Artifacts & Screenshots

labs/lab4/
├── analysis/
│   ├── sbom-analysis.txt
│   └── vulnerability-analysis.txt
├── comparison/
│   ├── accuracy-analysis.txt
│   ├── common-packages.txt
│   ├── syft-only.txt
│   └── trivy-only.txt
├── syft/
│   ├── juice-shop-syft-native.json
│   ├── juice-shop-syft-table.txt
│   ├── grype-vuln-results.json
│   └── grype-vuln-table.txt
└── trivy/
    ├── juice-shop-trivy-detailed.json
    ├── juice-shop-trivy-table.txt
    ├── trivy-vuln-detailed.json
    ├── trivy-secrets.txt
    └── trivy-licenses.json

Checklist

  • Task 1 done - SBOM Generation with Syft and Trivy
  • Task 2 done - SCA with Grype and Trivy
  • Task 3 done - Comprehensive Toolchain Comparison
  • PR has a clear and descriptive title
  • Documentation has been updated if necessary
  • No sensitive data or large temporary files have been committed
