
ChatSBOM - Talk to your Supply Chain. Chat with SBOMs.

Project description

ChatSBOM

Talk to your Supply Chain. Chat with SBOMs.

ChatSBOM is a CLI tool for deep insights into Software Bill of Materials (SBOM) data.

Demo

Motivation

GitHub's Dependency Graph shows which repositories depend on your project, but there's no way to sort dependents by stars (isaacs/github#1537). This makes it difficult for maintainers of popular packages to identify their most important downstream users. ChatSBOM solves this by collecting and indexing SBOM data, enabling queries like "which popular projects use my library?"

Key Features

  • github search: Find candidate repos on GitHub, filtered by language and minimum star count
  • github repo/release/commit: Enrich repository metadata and pin each repo to an exact release and commit SHA
  • github content: Fetch the raw dependency manifests (go.mod, package.json, etc.) at that commit
  • sbom generate: Turn the fetched manifests into standard SBOMs using Syft
  • db index: Load the SBOM data into a ClickHouse database
  • db status/query: Show database statistics and search dependencies from the CLI
  • chat: Ask natural-language questions over the indexed data via an AI agent

Quick Start

Prerequisites

  • uv - Python package manager for fast installation and execution
  • syft - SBOM generation tool
  • docker - Container runtime
  • clickhouse - Columnar database

Usage

Run the pipeline step-by-step:

# 1. Search for repositories
uvx chatsbom github search --language go --min-stars 10000

# 2. Enrich metadata
uvx chatsbom github repo --language go
uvx chatsbom github release --language go
uvx chatsbom github commit --language go

# 3. Download dependency files
uvx chatsbom github content --language go

# 4. Generate standard SBOMs
uvx chatsbom sbom generate --language go

# 5. Index into database
uvx chatsbom db index --language go

# 6. Query insights
uvx chatsbom db status
uvx chatsbom db query gin
uvx chatsbom chat

Architecture

ChatSBOM is a pipeline of independent stages; each stage writes its output to its own directory under data/ and the next stage reads from it:

Command & Data Flow

github search → repo → release → commit → content → sbom generate → db index
      ↓          ↓       ↓         ↓         ↓           ↓            ↓
    01-list    02-meta 03-rel    04-sha    05-raw      06-sbom      ClickHouse

Directory Structure (data/)

  • 01-github-search/: Initial candidate list from Search API.
  • 02-github-repo/: Enriched repository statistics (Stars, License).
  • 03-github-release/: Version history and stable release identification.
  • 04-github-commit/: Version anchoring to specific Commit SHAs.
  • 05-github-content/: Raw manifest files only (no bookkeeping JSON).
  • 06-sbom/: SBOMs generated by Syft from the manifests in 05-github-content/.
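To make the last two stages concrete, here is an added example (not ChatSBOM's own code) of the minimum an indexer needs to answer "which popular projects use gin?": read Syft-style CycloneDX JSON, key each component by its purl with the version stripped, and rank dependents by stars. The SBOM documents, repository names and star counts below are constructed; ChatSBOM's real store is ClickHouse and its schema is not shown on this page.

```python
"""Index CycloneDX SBOMs and rank the repositories that depend on a package.

Added example, not ChatSBOM's own code.  The SBOM documents are constructed
inline to mimic Syft's CycloneDX JSON output; repo names and star counts
are made up for illustration.
"""
import json
from collections import defaultdict

# Constructed sample: what 'sbom generate' might leave in data/06-sbom/,
# keyed by repository, plus the star counts 'github repo' would have
# collected.  The purls follow the pkg:golang scheme Syft emits for go.mod.
SAMPLE_SBOMS = {
    "example-org/web-api": (12000, json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "components": [
            {"type": "library", "name": "gin", "version": "v1.9.1",
             "purl": "pkg:golang/github.com/gin-gonic/gin@v1.9.1"},
            {"type": "library", "name": "zap", "version": "v1.26.0",
             "purl": "pkg:golang/go.uber.org/zap@v1.26.0"},
        ]})),
    "example-org/cli-tool": (45000, json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "components": [
            {"type": "library", "name": "cobra", "version": "v1.8.0",
             "purl": "pkg:golang/github.com/spf13/cobra@v1.8.0"},
        ]})),
    "example-org/gateway": (30500, json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "components": [
            {"type": "library", "name": "gin", "version": "v1.8.2",
             "purl": "pkg:golang/github.com/gin-gonic/gin@v1.8.2"},
        ]})),
}


def purl_without_version(purl):
    """Strip the @version suffix so every version of a package shares one key."""
    return purl.split("@", 1)[0]


def index_sboms(sboms):
    """Build package -> [(repo, stars, version)] from CycloneDX JSON documents.

    Only 'library' components are indexed; Syft may also emit an
    'application' entry for the root module itself, which is not a dependency.
    """
    index = defaultdict(list)
    for repo, (stars, doc) in sboms.items():
        bom = json.loads(doc)
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError(f"{repo}: not a CycloneDX document")
        for comp in bom.get("components", []):
            if comp.get("type") != "library" or "purl" not in comp:
                continue
            key = purl_without_version(comp["purl"])
            index[key].append((repo, stars, comp.get("version", "")))
    return index


def dependents(index, package, top=10):
    """Repos that depend on `package`, most-starred first.

    Matches either the full version-less purl or the bare package name, so
    'gin' finds pkg:golang/github.com/gin-gonic/gin.  Bare names can collide
    across namespaces; pass the full purl when that matters.
    """
    hits = []
    for key, rows in index.items():
        if key == package or key.rsplit("/", 1)[-1] == package:
            hits.extend(rows)
    hits.sort(key=lambda r: r[1], reverse=True)
    return hits[:top]


if __name__ == "__main__":
    idx = index_sboms(SAMPLE_SBOMS)
    for repo, stars, version in dependents(idx, "gin"):
        print(f"{stars:>6}  {repo}  gin@{version}")
```

Stripping the version from the purl is what lets one query cover every release of gin; keeping the version in the row is what lets you later ask which dependents are still on an old release. The bare-name match is a convenience for the CLI; when two ecosystems or namespaces share a short name, query by the full purl instead.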

Use Cases

Asking the AI agent to retrieve the top 10 projects that use the gin framework.


Download files


Source Distribution

chatsbom-0.4.0.tar.gz (3.3 MB, source)

Built Distribution


chatsbom-0.4.0-py3-none-any.whl (51.0 kB, Python 3 wheel)

File details

Details for the file chatsbom-0.4.0.tar.gz.

File metadata

  • File: chatsbom-0.4.0.tar.gz
  • Size: 3.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0 (uv publish, run from CI on Ubuntu 24.04 "noble")

File hashes

Hashes for chatsbom-0.4.0.tar.gz
Algorithm Hash digest
SHA256 b4a0397c9759319a740abd1ab64f82385152c0b3a0896042d9aa132519f95a86
MD5 975835e7acb38f31b64d70295b20a7c8
BLAKE2b-256 e7086e43447c79747df5ae7458e1cb03bfa423eb420dd362395aaea865994c23


File details

Details for the file chatsbom-0.4.0-py3-none-any.whl.

File metadata

  • File: chatsbom-0.4.0-py3-none-any.whl
  • Size: 51.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0 (uv publish, run from CI on Ubuntu 24.04 "noble")

File hashes

Hashes for chatsbom-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9593d4013f0c0858e3bd38f8d5273fdbcdbc17a3933d4af886fdde5a81bb539d
MD5 a0377371c1a52f4db3970948d4592792
BLAKE2b-256 2501ce70691fcac3bed07745c28d5fe0cff1753702b86407343f7d2b7f927a18

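Before installing, check the downloaded artifact against the digests above, and pin them so the install fails closed on a mismatch. The following is an added example (not part of ChatSBOM) using only the standard library; the published digests are copied from this page for the source tarball, and the bytes hashed in the check are constructed because the real archive is not on this page. MD5 is listed here only because PyPI shows it; it is not collision-resistant and should never be the digest you rely on.

```python
"""Verify a downloaded PyPI artifact against its published digests.

Added example, not part of ChatSBOM.  PUBLISHED_TARBALL_DIGESTS is copied
from this page for chatsbom-0.4.0.tar.gz; any bytes passed in for checking
are the caller's (in the demo below, constructed sample data).
"""
import hashlib

# Published digests for chatsbom-0.4.0.tar.gz, as listed on this page.
PUBLISHED_TARBALL_DIGESTS = {
    "SHA256": "b4a0397c9759319a740abd1ab64f82385152c0b3a0896042d9aa132519f95a86",
    "MD5": "975835e7acb38f31b64d70295b20a7c8",
    "BLAKE2b-256": "e7086e43447c79747df5ae7458e1cb03bfa423eb420dd362395aaea865994c23",
}

# PyPI's algorithm labels mapped to hashlib constructors.  BLAKE2b-256 is
# blake2b truncated to a 32-byte digest.  MD5 is included only to mirror
# the page's table; a match on it alone proves nothing against a
# motivated attacker.
_HASHERS = {
    "SHA256": lambda: hashlib.sha256(),
    "MD5": lambda: hashlib.md5(),
    "BLAKE2b-256": lambda: hashlib.blake2b(digest_size=32),
}

# Digests that may be used as the basis of a trust decision.
STRONG = ("SHA256", "BLAKE2b-256")


def digests_of(data, algorithms=("SHA256", "MD5", "BLAKE2b-256")):
    """Compute PyPI-style hex digests of an artifact held in memory."""
    out = {}
    for alg in algorithms:
        h = _HASHERS[alg]()
        h.update(data)
        out[alg] = h.hexdigest()
    return out


def verify_artifact(data, published):
    """Return {algorithm: matched} for every digest in `published`."""
    computed = digests_of(data, tuple(published))
    return {alg: computed[alg] == published[alg].lower() for alg in published}


def is_trusted(data, published):
    """True only if every strong digest present in `published` matches.

    An MD5 mismatch still returns False (the file differs from what PyPI
    hashed), but an MD5 match is never sufficient on its own.
    """
    results = verify_artifact(data, published)
    strong_present = [alg for alg in STRONG if alg in published]
    if not strong_present:
        return False
    return all(results.values())


def pip_hash_line(package, version, published):
    """Emit a requirements.txt line for 'pip install --require-hashes'.

    pip accepts only sha256, sha384 and sha512 for --hash, so the SHA256
    digest is the one pinned here.
    """
    return f"{package}=={version} --hash=sha256:{published['SHA256']}"


if __name__ == "__main__":
    # Constructed stand-in for the archive; it will (correctly) fail the check.
    sample = b"constructed sample bytes, not the real chatsbom-0.4.0.tar.gz"
    print(verify_artifact(sample, PUBLISHED_TARBALL_DIGESTS))
    print(pip_hash_line("chatsbom", "0.4.0", PUBLISHED_TARBALL_DIGESTS))
```

Write the emitted line to a requirements file and install with pip install --require-hashes -r requirements.txt; pip will then refuse any chatsbom 0.4.0 artifact whose SHA256 differs from the published value. The wheel can be pinned the same way with its own SHA256 from the table above (9593d401…539d); pip picks whichever pinned artifact it resolves to. The "Uploaded using Trusted Publishing? Yes" flag above tells you the upload was authorised by a CI identity rather than a long-lived API token, which is a separate property from the file's integrity; checking the digest is still what ties the bytes on disk to the bytes PyPI received.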
