ChatSBOM - Talk to your Supply Chain. Chat with SBOMs.

Project description

ChatSBOM

Talk to your Supply Chain. Chat with SBOMs.

ChatSBOM is a CLI tool for deep insights into Software Bill of Materials (SBOM) data.

Demo

Motivation

GitHub's Dependency Graph shows which repositories depend on your project, but there's no way to sort dependents by stars (isaacs/github#1537). This makes it difficult for maintainers of popular packages to identify their most important downstream users. ChatSBOM solves this by collecting and indexing SBOM data, enabling queries like "which popular projects use my library?"

Key Features

  • github search: Find high-quality repos on GitHub (stars/language)
  • github repo/release/commit: Enrich metadata and determine exact versions
  • github content: Fetch dependency files (go.mod, package.json, etc.)
  • sbom generate: Transform files to standard SBOM format using Syft
  • db index: Load SBOM data into ClickHouse database
  • db status/query: View database statistics and search dependencies via CLI
  • chat: AI-powered natural language queries

Quick Start

Prerequisites

  • uv - Python package manager for fast installation and execution
  • syft - SBOM generation tool
  • docker - Container runtime
  • clickhouse - Columnar database

Usage

Run the pipeline step-by-step:

# 1. Search for repositories
uvx chatsbom github search --language go --min-stars 10000

# 2. Enrich metadata
uvx chatsbom github repo --language go
uvx chatsbom github release --language go
uvx chatsbom github commit --language go

# 3. Download dependency files
uvx chatsbom github content --language go

# 4. Generate standard SBOMs
uvx chatsbom sbom generate --language go

# 5. Index into database
uvx chatsbom db index --language go

# 6. Query insights
uvx chatsbom db status
uvx chatsbom db query gin
uvx chatsbom chat

Architecture

ChatSBOM follows a clean, modular pipeline architecture:

Command & Data Flow

github search → repo → release → commit → content → sbom generate → db index
      ↓          ↓       ↓         ↓         ↓           ↓            ↓
    01-list    02-meta 03-rel    04-sha    05-raw      06-sbom      ClickHouse

Directory Structure (data/)

  • 01-github-search/: Initial candidate list from Search API.
  • 02-github-repo/: Enriched repository statistics (Stars, License).
  • 03-github-release/: Version history and stable release identification.
  • 04-github-commit/: Version anchoring to specific Commit SHAs.
  • 05-github-content/: Pure raw manifest files (no management JSONs).
  • 06-sbom/: Pure analysis results (SBOMs) generated by Syft.
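As an added example (not ChatSBOM's own code), this is the query the Motivation section asks for and that `db query gin` and the "top 10 projects using gin" use case answer: scan each repository's SBOM for a package and rank the hits by stars. It assumes Syft's CycloneDX JSON output (`components` with `name`, `version`, `purl`) for the 06-sbom step and a `stars` field from the 02-github-repo step; the repositories, star counts and SBOMs below are constructed for the example.

```python
from __future__ import annotations
import json
from collections import defaultdict

# Constructed sample data shaped like the README's data/ layout:
# 02-github-repo gives stars per repo, 06-sbom gives Syft's CycloneDX JSON.
# Repos, star counts and dependency lists are made up for this example.
REPO_META = {
    "go-gitea/gitea": {"stars": 45000, "language": "go"},
    "kubernetes/kubernetes": {"stars": 110000, "language": "go"},
    "swaggo/swag": {"stars": 10500, "language": "go"},
}
SBOMS = {
    "go-gitea/gitea": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "github.com/gin-gonic/gin", "version": "v1.9.1",
         "purl": "pkg:golang/github.com/gin-gonic/gin@v1.9.1"}]}),
    "kubernetes/kubernetes": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "k8s.io/api", "version": "v0.30.0",
         "purl": "pkg:golang/k8s.io/api@v0.30.0"}]}),
    "swaggo/swag": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "github.com/gin-gonic/gin", "version": "v1.9.0",
         "purl": "pkg:golang/github.com/gin-gonic/gin@v1.9.0"}]}),
}

def dependents(sboms, package):
    """Return {repo: sorted versions} for every SBOM whose component names
    contain `package` (substring match, like `db query gin` on the CLI)."""
    found = defaultdict(set)
    for repo, doc in sboms.items():
        bom = json.loads(doc)
        if bom.get("bomFormat") != "CycloneDX":
            continue  # skip anything that is not a Syft CycloneDX document
        for comp in bom.get("components", []):
            if package in comp.get("name", ""):
                found[repo].add(comp.get("version", "unknown"))
    return {repo: sorted(vers) for repo, vers in found.items()}

def top_dependents(sboms, meta, package, limit=10):
    """Rank dependents by stars (from 02-github-repo metadata); the version
    list shows a maintainer which releases of their package are in use."""
    hits = dependents(sboms, package)
    ranked = sorted(hits, key=lambda r: meta.get(r, {}).get("stars", 0),
                    reverse=True)
    return [(r, meta.get(r, {}).get("stars", 0), hits[r]) for r in ranked[:limit]]

if __name__ == "__main__":
    for repo, stars, versions in top_dependents(SBOMS, REPO_META, "gin-gonic/gin"):
        print(f"{stars:>7}  {repo:<24} {', '.join(versions)}")
```

The version column is the part a maintainer cares about for advisories: a popular dependent pinned to an old release is the one to notify first.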

Use Cases

Asking the AI agent to retrieve the top 10 projects that use the Gin framework.

Download files

Source Distribution

  • chatsbom-0.3.0.tar.gz (3.3 MB)

Built Distribution

  • chatsbom-0.3.0-py3-none-any.whl (50.3 kB)

File details

Details for the file chatsbom-0.3.0.tar.gz.

File metadata

  • Download URL: chatsbom-0.3.0.tar.gz
  • Upload date:
  • Size: 3.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for chatsbom-0.3.0.tar.gz
  Algorithm    Hash digest
  SHA256       c4b0b224c5efe5c508fa96caf18e7f389f5d74420605f6d554536f94320d9026
  MD5          a562e1d972c0342e1f87bd2a465d1201
  BLAKE2b-256  62e59dee101274c10087b8c3f24db2b9007ab271df5dc1b26114709542d6b3f1

File details

Details for the file chatsbom-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: chatsbom-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 50.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for chatsbom-0.3.0-py3-none-any.whl
  Algorithm    Hash digest
  SHA256       ea9cbe02d4968d5e85b3d6f34620140c390858d7bba3730867d81cee7264ba7f
  MD5          94d08d3882ba0e975738ab823d4fe01a
  BLAKE2b-256  81e94ded238855c4bd71cca7dffb97b9fa69b4ef294e63f601b2bd8cd783efbe
