Stream: SIG-Packaging

Topic: SBOM Example


Yosh Wuyts (Mar 12 2025 at 16:28):

@Josh Duffney and I have been working on adding support to the Rust wasi:http sample - and we got it working on CI.

Yosh Wuyts (Mar 12 2025 at 16:28):

If folks want to follow along, this is a pretty fun sample to try out:

Yosh Wuyts (Mar 12 2025 at 16:28):

# install dependencies (wasm-tools, the auditable2cdx converter and the wkg package tool)
cargo install wasm-tools auditable2cdx wkg

# fetch the Rust http sample from the OCI registry and write it to sample.wasm
wkg oci pull ghcr.io/bytecodealliance/sample-wasi-http-rust/sample-wasi-http-rust:latest -o sample.wasm
# confirm sample.wasm was written
ls

# print the metadata, including all dependencies
wasm-tools metadata show sample.wasm | less

# extract the SBOM from the binary
# (write with '>' rather than '>>': appending on a second run would produce a file
#  with two concatenated JSON documents, which jq cannot parse as one SBOM)
auditable2cdx sample.wasm > sample-sbom.json
jq -C < sample-sbom.json | less -Rr

Yosh Wuyts (Mar 12 2025 at 16:31):

This outputs a CycloneDX-formatted SBOM document, encoded as JSON. It reads the data from a custom section in the component.


Last updated: Dec 13 2025 at 17:03 UTC