Feature/lab4 #498

Open

ArthurBabkin wants to merge 12 commits into inno-devops-labs:main from ArthurBabkin:feature/lab4

Conversation

@ArthurBabkin
Goal

Add Lab 4 submission: SBOM generation with Syft/Trivy and SCA with Grype/Trivy.

Changes

  • Generated SBOMs for Juice Shop using Syft (native JSON, table) and Trivy (JSON, table)
  • Ran SCA: Grype on Syft SBOM + Trivy vuln/secret/license scans
  • Compared toolchain accuracy (package overlap, CVE overlap)
  • Documented findings in labs/submission4.md

Testing

  • Task 1 done — SBOM Generation with Syft and Trivy
  • Task 2 done — SCA with Grype and Trivy
  • Task 3 done — Comprehensive Toolchain Comparison

Artifacts & Screenshots

  • labs/lab4/syft/ — Syft SBOM + Grype results
  • labs/lab4/trivy/ — Trivy SBOM + vuln/secrets/license scans
  • labs/lab4/comparison/ — package and CVE overlap analysis
  • labs/lab4/analysis/ — SBOM and vulnerability analysis summaries

Checklist

  • PR title is clear and describes the changes
  • Documentation updated if needed
  • No secrets, API keys, or large temp files in commits
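The package and CVE overlap comparison listed under Changes, as an added example that is not part of this PR or of the lab repository. It reads a Syft native-JSON SBOM, a Trivy JSON scan and a Grype JSON report and reports which packages and vulnerability IDs each toolchain agrees and disagrees on. The JSON field names used here (Syft `artifacts`, Trivy `Results` with `Packages` and `Vulnerabilities`, Grype `matches`) follow the tools' JSON output as I know it and should be treated as assumptions; the three documents embedded below are constructed samples with placeholder package names and placeholder CVE IDs, not real scan output from Juice Shop.

```python
"""Package and CVE overlap between Syft, Trivy and Grype JSON output.

Added example, not code from the PR or the lab repository. Field names are
assumptions about each tool's JSON format; the sample documents are constructed.
"""
import json

# Constructed Syft native-JSON SBOM (assumption: top-level 'artifacts' list).
SYFT_SBOM = json.dumps({
    "artifacts": [
        {"name": "alpha-lib", "version": "1.0.0", "type": "npm"},
        {"name": "beta-lib", "version": "2.3.4", "type": "npm"},
        {"name": "gamma-lib", "version": "0.6.11", "type": "npm"},
    ]
})

# Constructed Trivy JSON scan (assumption: 'Results' entries carry 'Packages'
# and 'Vulnerabilities'). CVE IDs are placeholders, not real advisories.
TRIVY_SCAN = json.dumps({
    "Results": [{
        "Target": "package-lock.json",
        "Packages": [
            {"Name": "alpha-lib", "Version": "1.0.0"},
            {"Name": "beta-lib", "Version": "2.3.4"},
            {"Name": "delta-lib", "Version": "5.0.0"},
        ],
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-1001", "PkgName": "beta-lib", "InstalledVersion": "2.3.4"},
            {"VulnerabilityID": "CVE-0000-1002", "PkgName": "delta-lib", "InstalledVersion": "5.0.0"},
        ],
    }]
})

# Constructed Grype JSON report (assumption: 'matches' with 'vulnerability' and 'artifact').
GRYPE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-1001", "severity": "High"},
         "artifact": {"name": "beta-lib", "version": "2.3.4"}},
        {"vulnerability": {"id": "CVE-0000-1003", "severity": "Medium"},
         "artifact": {"name": "beta-lib", "version": "2.3.4"}},
    ]
})


def syft_packages(doc):
    """(name, version) pairs from a Syft native-JSON SBOM."""
    return {(a["name"], a["version"]) for a in json.loads(doc).get("artifacts", [])}


def trivy_packages(doc):
    """(name, version) pairs across all Trivy result targets; 'Packages' may be absent."""
    pkgs = set()
    for result in json.loads(doc).get("Results", []):
        for pkg in result.get("Packages") or []:
            pkgs.add((pkg["Name"], pkg["Version"]))
    return pkgs


def trivy_cves(doc):
    """Vulnerability IDs across all Trivy result targets; 'Vulnerabilities' may be absent."""
    ids = set()
    for result in json.loads(doc).get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            ids.add(vuln["VulnerabilityID"])
    return ids


def grype_cves(doc):
    """Vulnerability IDs from a Grype JSON report."""
    return {m["vulnerability"]["id"] for m in json.loads(doc).get("matches", [])}


def overlap(left, right):
    """Agreement between two sets: common items, items unique to each side, Jaccard index."""
    common, union = left & right, left | right
    return {
        "common": sorted(common),
        "only_left": sorted(left - right),
        "only_right": sorted(right - left),
        "jaccard": len(common) / len(union) if union else 1.0,
    }


def compare(syft_doc, trivy_doc, grype_doc):
    """Package overlap (Syft vs Trivy) and CVE overlap (Grype-on-Syft-SBOM vs Trivy)."""
    return {
        "packages": overlap(syft_packages(syft_doc), trivy_packages(trivy_doc)),
        "cves": overlap(grype_cves(grype_doc), trivy_cves(trivy_doc)),
    }


if __name__ == "__main__":
    print(json.dumps(compare(SYFT_SBOM, TRIVY_SCAN, GRYPE_REPORT), indent=2))
```

To run it against real artifacts, replace the three constructed strings with the contents of the Syft, Trivy and Grype JSON files; a CVE that shows up in only one column is the place to start when checking whether the difference comes from package detection (a package one tool never saw) or from vulnerability database coverage (the same package, different advisories).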
