├── .gitchangelog.rc ├── .github └── workflows │ ├── pull_request.yml │ └── release.yml ├── .gitignore ├── CHANGELOG.rst ├── CODE_OF_CONDUCT.md ├── LICENSE ├── MANIFEST.in ├── README.md ├── SECURITY.md ├── cbom ├── __init__.py ├── cli │ ├── __init__.py │ └── cli.py ├── cryptocheck │ ├── __init__.py │ ├── cryptocheck.py │ ├── sarif.py │ └── validators.py ├── lib_utils.py ├── parser │ ├── __init__.py │ ├── algorithm.py │ ├── certificate.py │ ├── related_crypto_material.py │ └── utils.py └── resources │ ├── cryptocheck_rules.yml │ ├── cryptocheck_schema.json │ └── library.yml ├── pyproject.toml ├── requirements.txt ├── tests ├── __init__.py ├── integration_tests │ ├── __init__.py │ ├── data │ │ ├── cbom │ │ │ ├── cbom_exclusion_pattern.json │ │ │ └── cbom_full.json │ │ └── codeql │ │ │ ├── full.sarif │ │ │ └── partial_results │ │ │ ├── asymmetric_algorithms.sarif │ │ │ └── symmetric_algorithms.sarif │ └── test_cbom.py └── unit_tests │ ├── __init__.py │ ├── conftest.py │ ├── data │ └── codeql │ │ ├── aes.sarif │ │ ├── dsa.sarif │ │ ├── fernet.sarif │ │ └── rsa.sarif │ ├── test_algorithm.py │ ├── test_certificate.py │ ├── test_related_crypto_material.py │ └── test_utils.py └── tox.ini /.gitchangelog.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/.gitchangelog.rc -------------------------------------------------------------------------------- /.github/workflows/pull_request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/.github/workflows/pull_request.yml -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/.gitignore -------------------------------------------------------------------------------- /CHANGELOG.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/CHANGELOG.rst -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | recursive-include cbom/resources * 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/SECURITY.md -------------------------------------------------------------------------------- /cbom/__init__.py: -------------------------------------------------------------------------------- 1 | __version__ = '1.1.0' 2 | -------------------------------------------------------------------------------- /cbom/cli/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cbom/cli/cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/cli/cli.py -------------------------------------------------------------------------------- /cbom/cryptocheck/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cbom/cryptocheck/cryptocheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/cryptocheck/cryptocheck.py -------------------------------------------------------------------------------- /cbom/cryptocheck/sarif.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/cryptocheck/sarif.py -------------------------------------------------------------------------------- /cbom/cryptocheck/validators.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/cryptocheck/validators.py -------------------------------------------------------------------------------- /cbom/lib_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/lib_utils.py -------------------------------------------------------------------------------- /cbom/parser/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cbom/parser/algorithm.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/parser/algorithm.py -------------------------------------------------------------------------------- /cbom/parser/certificate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/parser/certificate.py -------------------------------------------------------------------------------- /cbom/parser/related_crypto_material.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/parser/related_crypto_material.py -------------------------------------------------------------------------------- /cbom/parser/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/parser/utils.py -------------------------------------------------------------------------------- /cbom/resources/cryptocheck_rules.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/resources/cryptocheck_rules.yml -------------------------------------------------------------------------------- /cbom/resources/cryptocheck_schema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/resources/cryptocheck_schema.json -------------------------------------------------------------------------------- /cbom/resources/library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/cbom/resources/library.yml -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/pyproject.toml -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/requirements.txt -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/integration_tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/integration_tests/data/cbom/cbom_exclusion_pattern.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/integration_tests/data/cbom/cbom_exclusion_pattern.json -------------------------------------------------------------------------------- /tests/integration_tests/data/cbom/cbom_full.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/integration_tests/data/cbom/cbom_full.json -------------------------------------------------------------------------------- /tests/integration_tests/data/codeql/full.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/integration_tests/data/codeql/full.sarif -------------------------------------------------------------------------------- /tests/integration_tests/data/codeql/partial_results/asymmetric_algorithms.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/integration_tests/data/codeql/partial_results/asymmetric_algorithms.sarif -------------------------------------------------------------------------------- /tests/integration_tests/data/codeql/partial_results/symmetric_algorithms.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/integration_tests/data/codeql/partial_results/symmetric_algorithms.sarif -------------------------------------------------------------------------------- /tests/integration_tests/test_cbom.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/integration_tests/test_cbom.py -------------------------------------------------------------------------------- /tests/unit_tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit_tests/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/conftest.py -------------------------------------------------------------------------------- /tests/unit_tests/data/codeql/aes.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/data/codeql/aes.sarif -------------------------------------------------------------------------------- /tests/unit_tests/data/codeql/dsa.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/data/codeql/dsa.sarif -------------------------------------------------------------------------------- /tests/unit_tests/data/codeql/fernet.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/data/codeql/fernet.sarif -------------------------------------------------------------------------------- /tests/unit_tests/data/codeql/rsa.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/data/codeql/rsa.sarif -------------------------------------------------------------------------------- /tests/unit_tests/test_algorithm.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/test_algorithm.py -------------------------------------------------------------------------------- /tests/unit_tests/test_certificate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/test_certificate.py -------------------------------------------------------------------------------- /tests/unit_tests/test_related_crypto_material.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/test_related_crypto_material.py -------------------------------------------------------------------------------- /tests/unit_tests/test_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tests/unit_tests/test_utils.py -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Santandersecurityresearch/cryptobom-forge/HEAD/tox.ini --------------------------------------------------------------------------------