Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Sep 25, 2025. It is now read-only.

SEG-UNIBE/cbombench

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
Reports/2025-06-25-13-34
Reports/2025-06-25-13-34
 
 
docs
docs
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CITATION.cff
CITATION.cff
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Warning

This repository is archived.

Development has been discontinued in this project.
All efforts continue in BF-CBOM, which provides a redesigned architecture and extended functionality.




CBOMbench

Changelog License DOI

classdiagram

CBOMbench is a modular benchmarking framework for evaluating Cryptographic Bill of Materials (CBOM) generation tools. It automates testing of CBOM tools across real-world GitHub repositories and produces analysis based on output quality and performance metrics.

This tool was developed as part of a bachelor’s thesis at the University of Bern and currently supports benchmarking of:

Installation & Setup

To run CBOMbench, follow these steps:

1. Install Required Tools

  • Follow the official instructions to install CBOMkit (via Docker or Podman).
  • Install cdxgen using npm: npm install -g @cyclonedx/cdxgen

2. Clone this Repository

git clone https://github.com/SEG-UNIBE/cbombench.git
cd cbombench

3. Install Python Dependencies

pip install -r requirements.txt

4. Set Environment Variables

export DEEPSEEK_API_KEY=your_deepseek_key_here
export GITHUB_TOKEN=your_github_token_here

Usage

CBOMbench is operated through the command-line: python ./src/cbombench.py [COMMAND]

Available Commands:

  • Repository Discovery and Selection

    Get Github Repositories filtered by main programming language, size constraints in KB and how big the sample should be.

    cbombench.py get-repos --languag java --min-size 1000 --max-size 100000 --sample-size 10

  • Individual Tool Testing

    Individual tool testing for a specified repository and branch (if branch is left empty CBOMbench automatically detects the default branch).

    cbombench.py text cbomkit cdxgen deepseek https://github.com/example/repo --branch main

  • Automated Benchmarking

    Benchmarking the specified tools on a sample of GitHub repositories

    cbombench.py benchmark cbomkit cdxgen deepseek --language java --sample-size 10

  • Statistical Analysis and Reporting

    Generate comparison reports from the collected CBOMs (save flag to save report in files).

    cbombench.py analyze --save

  • Historical Analysis

    Load a past analysis

    cbombench.py load-analysis

  • Data Cleanup

    Delete generated CBOMs

    cbombench.py delete-data

Extending CBOMbench

To add support for a new CBOM generation tool:

  1. Create a new adapter
  2. Implement a generate_cbom(url, branch) method that returns the CBOM as a JSON and a duration
  3. Add the function to cbombench.py

About

A testbed for benchmarking Cryptographic Bills of Materials (CBOMs).

Topics

python benchmark cbom

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 5

v1.0.1 (archived) Latest
Sep 25, 2025
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages