sbomgr - semantic sbom grep

# sbomgr - semantic sbom grep * What are all of the licenses of my direct dependencies? `sbomgr licenses --direct file/folder` * What are all of the licenses being used in all of my application dependencies (transitively) ? `sbomgr licenses --transitive file/folder` * What are all my licenses ? `sbomgr licenses file/folder` * For a container SBOM, ignoring all packages not related to name="app-name", what are the licenses used for all transitive dependencies? `sbomgr licenses --transitive --ignore-package-by-name "app-name"` * I know of a potentially bad dependency from the 5 o'clock news? Are we using it? `sbomgr packages --name "news-package" file/folder` * if so, what dependencies are related to the offending dependency? `sbomgr packages --name "news-package" --transitive file/folder` * Do we need to get rid of other libraries due to their use of this lib? `sbomgr packages --name "news-package" --direct file/folder` * Do I have any dependencies that bring in an "iceberg" of other dependencies? `sbomgr packages --direct --stats file/folder` * What are my dev-dependencies? Ignore all of my non-dev dependencies. `not sure this can be done on by sbom` * "how many packages does it contain?" `sbomgr packages --direct --stats file/folder` * "are there any packages that contain 'libc' in the name?" `sbomgr packages --name "*libc*" file/folder` * "does the given file hash exist in the SBOM?" `sbomgr packages --hash-value "ABCCDEDSS" file/folder` * "are there any packages with zip files?" `sbomgr packages --name "*.zip" file/folder` * Can i search packages by PURL ? `sbomgr packages --purl "pkg?" file/folder` * Can i search packages by CPE ? `sbomgr packages --cpe "cpe:?" file/folder` * List all my files ? `sbomgr files file/folder` * List all my packages? `sbomgr packages file/folder`