In order to use bomber
with the Sonatype OSS Index you need to get an account. Head over to the site, and create a free account, and make note of your username
(this will be the email that you registered with).
Once you log in, you’ll want to navigate to your settings and make note of your API token
. Please don’t share your token with anyone.
Once you have your token,
# Using a provider that requires credentials (ossindex)
bomber scan --provider=ossindex --username=xxx --token=xxx sbom.json
At this time, the Sonatype OSS Index supports the following ecosystems: