Zero-Knowledge SBOM (zkSBOM)

This repository contains a prototype implementation for disclosing limited but verifiable SBOM (Software Bill of Materials) information to authorized users using cryptographic methods.

Supported cryptographic methods:

  • Merkle Trees (MT)
  • Sparse Merkle Trees (SMT)
  • Merkle Patricia Tries (MPT)
  • Ordered Zero-Knowledge Sets (oZKS)

The project is divided into two tools:

  • zkSBOM Operator

    • Allows vendors to upload their product SBOMs, customers to retrieve commitments for specific SBOMs, and the system to generate cryptographic proofs confirming the presence of vulnerable dependencies. It also performs regular dependency-to-vulnerability mappings.
  • zkSBOM Verifier

    • Validates the cryptographic proofs generated by the zkSBOM Operator.
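To illustrate the operator/verifier split for the Merkle Tree (MT) method above, here is a minimal commitment and presence-proof round trip; this is an added example, not code from the zkSBOM project, and the leaf encoding, domain-separation bytes and odd-level padding are assumptions rather than zkSBOM's actual scheme. The SBOM component identifiers are constructed sample values.

```python
import hashlib
from typing import List, Tuple

# Constructed sample SBOM: one "purl-like" identifier per dependency.
SAMPLE_SBOM = ["log4j-core@2.14.1", "jackson-databind@2.12.0", "guava@30.0"]

def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(component: str) -> bytes:
    # Domain-separated (0x00) so a leaf can never be confused with an inner node.
    return _sha256(b"\x00" + component.encode("utf-8"))

def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)

def _pad(level: List[bytes]) -> List[bytes]:
    # Assumed padding rule: duplicate the last node on odd-sized levels.
    return level + [level[-1]] if len(level) % 2 == 1 else level

def build_levels(components: List[str]) -> List[List[bytes]]:
    # Leaves are sorted so the commitment is independent of SBOM ordering.
    level = [leaf_hash(c) for c in sorted(components)]
    levels = [level]
    while len(level) > 1:
        level = _pad(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def commitment(components: List[str]) -> str:
    # Operator side: the root is what a customer retrieves as the SBOM commitment.
    return build_levels(components)[-1][0].hex()

def prove_presence(components: List[str], target: str) -> List[Tuple[bytes, bool]]:
    # Operator side: audit path for `target`; each step is (sibling, sibling_is_left).
    # Raises ValueError if `target` is not a component of the SBOM.
    levels = build_levels(components)
    idx = sorted(components).index(target)
    path = []
    for level in levels[:-1]:
        level = _pad(level)
        sibling = idx ^ 1
        path.append((level[sibling], sibling < idx))
        idx //= 2
    return path

def verify_presence(commitment_hex: str, target: str, path: List[Tuple[bytes, bool]]) -> bool:
    # Verifier side: recompute the root from the leaf and the audit path only.
    h = leaf_hash(target)
    for sibling, sibling_is_left in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h.hex() == commitment_hex
```

The verifier learns only the queried component and log2(n) sibling hashes, not the other SBOM entries, which is the disclosure property the tools above are built around.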

Installation

# Clone the repository
git clone git@github.com:chains-project/zkSBOM.git

# Initialize the submodules
git submodule update --init --recursive 

Follow the installation section in the corresponding README.md to install zkSBOM Operator or zkSBOM Verifier.

Usage

See the usage guide in the corresponding README.md for zkSBOM Operator or zkSBOM Verifier.
