ChatSBOM - Talk to your Supply Chain. Chat with SBOMs.

Project description

ChatSBOM

ChatSBOM is a CLI tool for deep insights into Software Bill of Materials (SBOM) data.

Motivation

GitHub's Dependency Graph shows which repositories depend on your project, but there's no way to sort dependents by stars (isaacs/github#1537). This makes it difficult for maintainers of popular packages to identify their most important downstream users. ChatSBOM solves this by collecting and indexing SBOM data, enabling queries like "which popular projects use my library?"

Key Features

  • github search: Find high-quality repos on GitHub (stars/language)
  • github repo/release/commit: Enrich metadata and determine exact versions
  • github content: Fetch dependency files (go.mod, package.json, etc.)
  • sbom generate: Transform files to standard SBOM format using Syft
  • db index: Load SBOM data into ClickHouse database
  • db status/query: View database statistics and search dependencies via CLI
  • chat: AI-powered natural language queries

Quick Start

Prerequisites

  • uv - Python package manager for fast installation and execution
  • syft - SBOM generation tool
  • docker - Container runtime
  • clickhouse - Columnar database

Usage

Run the pipeline step-by-step:

# 1. Search for repositories
uvx chatsbom github search --language go --min-stars 10000

# 2. Enrich metadata
uvx chatsbom github repo --language go
uvx chatsbom github release --language go
uvx chatsbom github commit --language go

# 3. Download dependency files
uvx chatsbom github content --language go

# 4. Generate standard SBOMs
uvx chatsbom sbom generate --language go

# 5. Index into database
uvx chatsbom db index --language go

# 6. Query insights
uvx chatsbom db status
uvx chatsbom db query gin
uvx chatsbom chat

Architecture

ChatSBOM follows a clean, modular pipeline architecture:

Command & Data Flow

github search → repo → release → commit → content → sbom generate → db index
      ↓          ↓       ↓         ↓         ↓           ↓            ↓
    01-list    02-meta 03-rel    04-sha    05-raw      06-sbom      ClickHouse

Directory Structure (data/)

  • 01-github-search/: Initial candidate list from Search API.
  • 02-github-repo/: Enriched repository statistics (Stars, License).
  • 03-github-release/: Version history and stable release identification.
  • 04-github-commit/: Version anchoring to specific Commit SHAs.
  • 05-github-content/: Pure raw manifest files (no management JSONs).
  • 06-sbom/: Pure analysis results (SBOMs) generated by Syft.
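The query the pipeline exists to answer ("which popular projects use my library?") comes down to inverting per-repository SBOMs into a component index and ranking the hits by stars. The sketch below is an added example, not ChatSBOM's own code: it assumes CycloneDX-style JSON with a `components` array, uses an in-memory dict in place of ClickHouse, and all repository names, star counts and SBOM contents are constructed.

```python
import json
from collections import defaultdict

# Constructed sample data: repo names, star counts and SBOM contents are invented.
STARS = {"acme/api-gateway": 41000, "acme/blog": 1200, "acme/render": 15500}
SBOMS = {
    "acme/api-gateway": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"type": "library", "name": "github.com/gin-gonic/gin", "version": "v1.9.1"},
        {"type": "library", "name": "golang.org/x/crypto", "version": "v0.17.0"}]}),
    "acme/blog": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"type": "library", "name": "github.com/gin-gonic/gin", "version": "v1.7.0"}]}),
    "acme/render": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"type": "library", "name": "github.com/example/engine", "version": "v2.0.0"}]}),
}


def build_index(sboms):
    """Invert repo -> components into component name -> [(repo, version)]."""
    index = defaultdict(list)
    for repo, raw in sboms.items():
        doc = json.loads(raw)
        for comp in doc.get("components", []):
            name, version = comp.get("name"), comp.get("version", "")
            if name:  # skip malformed entries without a name
                index[name].append((repo, version))
    return index


def dependents(index, stars, query, limit=10):
    """Repos that depend on `query`, most-starred first.

    Matches the full module path or its last path segment, so "gin" finds
    github.com/gin-gonic/gin but not github.com/example/engine.
    """
    hits = []
    for name, users in index.items():
        if name == query or name.rsplit("/", 1)[-1] == query:
            hits += [(repo, name, ver, stars.get(repo, 0)) for repo, ver in users]
    return sorted(hits, key=lambda h: h[3], reverse=True)[:limit]


if __name__ == "__main__":
    for repo, name, ver, n in dependents(build_index(SBOMS), STARS, "gin"):
        print(f"{n:>6}  {repo}  {name}@{ver}")
```

Matching on the path segment rather than a substring keeps a short query such as `gin` from pulling in unrelated modules, which matters when the result is used to decide which downstream projects to notify about a vulnerable release.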

Use Cases

Asking the AI agent to retrieve the top 10 projects using the gin framework.

Download files

Source Distribution

chatsbom-0.2.10.tar.gz (3.3 MB)

Uploaded Source

Built Distribution

chatsbom-0.2.10-py3-none-any.whl (50.3 kB)

Uploaded Python 3

File details

Details for the file chatsbom-0.2.10.tar.gz.

File metadata

  • Download URL: chatsbom-0.2.10.tar.gz
  • Upload date:
  • Size: 3.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for chatsbom-0.2.10.tar.gz
Algorithm Hash digest
SHA256 8a039863597f4a95fe04577e381c8bacd8c8a0a40cbdeb5b5a02078ff6f85e17
MD5 a3d99fad2a35f22e6adf2482b59fecd0
BLAKE2b-256 ba24386e4b59e6a7245e156c600323c28052cca364a7bea754bb406bee17f6c4

File details

Details for the file chatsbom-0.2.10-py3-none-any.whl.

File metadata

  • Download URL: chatsbom-0.2.10-py3-none-any.whl
  • Upload date:
  • Size: 50.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for chatsbom-0.2.10-py3-none-any.whl
Algorithm Hash digest
SHA256 fb1a42fe7a1fcbad7436e1219ea936d14a861e4f041749783d9a1c37b48493ef
MD5 0a7e03a685726de628542d4b0f099422
BLAKE2b-256 be132f35753949628b145d36e5e368d144804034f6862d03323e718a2a525b84
