Feature/lab4 #458

Open
idio4 wants to merge 16 commits into inno-devops-labs:main from idio4:feature/lab4

idio4 commented Feb 28, 2026

Goal

Submit Lab 4 (SBOM generation + SCA comparison).

Changes

  • Added/updated Lab 4 artifacts under labs/lab4/:
    • Syft SBOM + license extraction
    • Trivy SBOM/vuln/secret/license outputs
    • Grype vulnerability outputs (rerun with official anchore/grype DB)
    • Analysis/comparison files
  • Updated labs/submission4.md with:
    • package/license distribution comparison
    • vulnerability comparison and overlap metrics
    • top critical findings + remediation
    • toolchain recommendations

Testing

  • Ran Syft SBOM generation on bkimminich/juice-shop:v19.0.0
  • Ran Trivy scans (vuln, secret, license)
  • Ran Grype scan against Syft SBOM after DB update
  • Recomputed summary metrics with jq, comm, wc

Artifacts

  • labs/submission4.md
  • labs/lab4/syft/*
  • labs/lab4/trivy/*
  • labs/lab4/analysis/*
  • labs/lab4/comparison/*

Checklist

  • Title is clear and specific
  • Docs updated if needed
  • No secrets or large temp files committed

Lab Tasks

  • Task 1 done — SBOM Generation with Syft and Trivy
  • Task 2 done — SCA with Grype and Trivy
  • Task 3 done — Comprehensive Toolchain Comparison
