ChatSBOM - Talk to your Supply Chain. Chat with SBOMs.
Project description
ChatSBOM
Talk to your Supply Chain. Chat with SBOMs.
ChatSBOM is a CLI tool for indexing and querying Software Bill of Materials (SBOM) data, providing deep insights into project dependencies.
Why ChatSBOM?
Standard tools like GitHub Dependency Graph don't allow sorting dependents by popularity (stars) (isaacs/github#1537). ChatSBOM solves this by collecting, indexing, and enabling natural language queries over SBOM data.
Features
- Discover: Find high-quality repositories on GitHub by stars and language.
- Collect: Enrich metadata and fetch dependency files (
go.mod,package.json, etc.). - Generate: Transform files into standard SBOM format using Syft.
- Index: Load SBOM data into ClickHouse for high-performance queries.
- Query: Use the CLI for stats/searches or AI-powered natural language chat.
Getting Started
1. Prerequisites
2. Installation
# Via pip
pip install chatsbom
# Via pipx
pipx install chatsbom
# Or run directly via uvx
uvx chatsbom
3. Setup
- Start Database:
docker-compose up -d - Configure Environment: Copy
.env.exampleto.envand add your keys:GITHUB_TOKEN: For GitHub API access.ANTHROPIC_AUTH_TOKEN: For thechatfeature.
4. Basic Workflow
# 1. Search and collect data
chatsbom github search --language go --min-stars 10000
chatsbom github repo --language go
chatsbom github release --language go
chatsbom github commit --language go
chatsbom github content --language go
# 2. Generate and index SBOMs
chatsbom sbom generate --language go
chatsbom db index --language go
# 3. Query insights
chatsbom db status
chatsbom db query gin
chatsbom chat
Use Case: Analyzing Framework Adoption
Find the most popular projects depending on a specific library (e.g., gin) using natural language.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file chatsbom-0.5.0.tar.gz.
File metadata
- Download URL: chatsbom-0.5.0.tar.gz
- Upload date:
- Size: 3.3 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
03358a1abab124efa59c35aabeb3b88c0353e02bd502f7fc62cb9a5bca209b2f
|
|
| MD5 |
83b579b6d9614b696025951d6c701ed8
|
|
| BLAKE2b-256 |
b2ad3410252bd46b0f01b2d8be6f5b64b87aaab58e54f6f3e04118f6dce31c00
|
File details
Details for the file chatsbom-0.5.0-py3-none-any.whl.
File metadata
- Download URL: chatsbom-0.5.0-py3-none-any.whl
- Upload date:
- Size: 50.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dff46e2934442e7a50f6eb0541da5c55b62804c124df99e7dee7b8324bacca1f
|
|
| MD5 |
8a88526cf2085f81a24f2c79ec1b3df9
|
|
| BLAKE2b-256 |
9404cee7c017b8fbd7fc8bc51903eab6166ceb90e55d62869c4c35d780b206e8
|
