Hamburger Cross Icon
SBOM Guardrails - Min Components

Min Components

Guardrail SBOM Guardrails Stable Security And Compliance
sbom.min-components

Verifies the SBOM contains a minimum number of components. Catches trivially empty SBOMs that may indicate detection failures.

sbom completeness components
Get Started View All SBOM Guardrails

Compatible Integrations

This guardrail works with the following integrations. Click to see how to use Min Components with each collector.

+
Min Components + Syft SBOM Collector Provides SBOM data for policy evaluation

Enable This Guardrail

Add the parent policy to your lunar-config.yml to enable this guardrail.

📄 lunar-config.yml 
policies:
  - uses: github://earthly/lunar-lib/policies/sbom@v1.0.0
    include: [min-components]
    # with: ...

How This Guardrail Works

This guardrail is part of the SBOM Guardrails policy. It evaluates data collected by integrations and produces a pass/fail check with actionable feedback.

When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement of your engineering standards.

Learn How Lunar Works
1
Integrations Gather Data
Collectors extract metadata from code, CI pipelines, tool outputs, and scans
2
{ } Centralized as JSON
All data merged into each component's unified metadata document
3
This Guardrail Checks Current
Min Components runs and provides pass/fail feedback

Configuration Options

These inputs can be configured in your lunar-config.yml to customize how the parent policy (and this guardrail) behaves.

Input Required Default Description
disallowed_licenses Required Comma-separated regex patterns of disallowed licenses (e.g. "GPL.*,AGPL.*")
min_license_coverage Optional 50 Minimum percentage of components that must have license info (0-100)
min_components Optional 1 Minimum number of components the SBOM must contain
allowed_formats Required Comma-separated list of allowed SBOM formats (e.g. "cyclonedx,spdx"). Empty means any.

Related Guardrails

Other guardrails in the SBOM Guardrails policy.

Guardrail Security And Compliance
Sbom Exists

Ensures an SBOM was generated, either automatically or detected in CI.
Guardrail Security And Compliance
Has Licenses

Verifies that SBOM components have license information populated. Fails if license coverage is below the configured...
Guardrail Security And Compliance
Disallowed Licenses

Checks for disallowed licenses in SBOM components. Matches component licenses against configurable regex patterns.
Guardrail Security And Compliance
Standard Format

Validates the SBOM uses an approved format (CycloneDX, SPDX). Auto-passes if no format restriction is configured.
SBOM Guardrails

SBOM Guardrails

This guardrail is part of the SBOM Guardrails policy, which includes 5 guardrails for security and compliance.

View Policy

Ready to Automate Your Standards?

See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.

Works with any process
check Infrastructure conventions
check Post-mortem action items
check Security & compliance policies
check Testing & quality requirements
Automate Now
Turn any process doc into guardrails
Book a Demo