ChatSBOM - Talk to your Supply Chain. Chat with SBOMs.

ChatSBOM is a CLI tool for indexing and querying Software Bill of Materials (SBOM) data, providing deep insights into project dependencies.

Why ChatSBOM?

Standard tools like GitHub Dependency Graph don't allow sorting dependents by popularity (stars) (isaacs/github#1537). ChatSBOM solves this by collecting, indexing, and enabling natural language queries over SBOM data.

Features

  • Discover: Find high-quality repositories on GitHub by stars and language.
  • Collect: Enrich metadata and fetch dependency files (go.mod, package.json, etc.).
  • Generate: Transform files into standard SBOM format using Syft.
  • Index: Load SBOM data into ClickHouse for high-performance queries.
  • Query: Use the CLI for stats/searches or AI-powered natural language chat.

Getting Started

1. Prerequisites

  • Docker (for ClickHouse)
  • Syft (for SBOM generation)
  • uv (for AI-powered chat feature)

2. Installation

# Via pip
pip install chatsbom

# Via pipx
pipx install chatsbom

# Or run directly via uvx
uvx chatsbom

3. Setup

Start Database

Option 1: Using docker compose

docker compose up -d

Option 2: Using docker run

docker run -d --name clickhouse -p 8123:8123 --ulimit nofile=262144:262144 clickhouse/clickhouse-server:25.12-alpine
docker exec clickhouse clickhouse-client -q "CREATE DATABASE IF NOT EXISTS chatsbom"
docker exec clickhouse clickhouse-client -q "CREATE USER IF NOT EXISTS admin IDENTIFIED BY 'admin'"
docker exec clickhouse clickhouse-client -q "GRANT ALL ON *.* TO admin WITH GRANT OPTION"
docker exec clickhouse clickhouse-client -q "CREATE USER IF NOT EXISTS guest IDENTIFIED BY 'guest'"
docker exec clickhouse clickhouse-client -q "GRANT SELECT ON chatsbom.* TO guest"
docker exec clickhouse clickhouse-client -q "ALTER USER guest SET PROFILE readonly"
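
A variant of Option 2, added here as an example and not taken from the ChatSBOM project: it publishes port 8123 on 127.0.0.1 only rather than on every host interface, and replaces the fixed admin/guest passwords with generated ones. The function names and the clickhouse-credentials.txt file are hypothetical, and how ChatSBOM is pointed at non-default credentials is not covered on this page.

```bash
#!/usr/bin/env bash
# Added example, not ChatSBOM project code. Same bootstrap as "Option 2",
# with the HTTP port bound to loopback and generated passwords.

# 32 hex characters from the kernel CSPRNG; hex needs no SQL or shell quoting.
gen_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the page's six bootstrap statements, one per line, with the
# given passwords substituted for the literal 'admin' and 'guest'.
bootstrap_sql() {
  local admin_pw="$1" guest_pw="$2"
  cat <<SQL
CREATE DATABASE IF NOT EXISTS chatsbom
CREATE USER IF NOT EXISTS admin IDENTIFIED BY '${admin_pw}'
GRANT ALL ON *.* TO admin WITH GRANT OPTION
CREATE USER IF NOT EXISTS guest IDENTIFIED BY '${guest_pw}'
GRANT SELECT ON chatsbom.* TO guest
ALTER USER guest SET PROFILE readonly
SQL
}

# Start the container and apply the statements. Each statement is sent on
# stdin so the passwords never appear in a process argument list.
start_clickhouse() {
  local admin_pw="$1" guest_pw="$2" stmt
  docker run -d --name clickhouse -p 127.0.0.1:8123:8123 \
    --ulimit nofile=262144:262144 clickhouse/clickhouse-server:25.12-alpine
  until docker exec clickhouse clickhouse-client -q "SELECT 1" >/dev/null 2>&1; do
    sleep 1   # wait until the server accepts queries
  done
  bootstrap_sql "$admin_pw" "$guest_pw" | while IFS= read -r stmt; do
    printf '%s\n' "$stmt" | docker exec -i clickhouse clickhouse-client
  done
}

# Runs only when invoked with --apply; sourcing the file just defines functions.
if [ "${1:-}" = "--apply" ]; then
  admin_pw=$(gen_password)
  guest_pw=$(gen_password)
  start_clickhouse "$admin_pw" "$guest_pw"
  # Hypothetical file name; written with owner-only permissions.
  ( umask 077
    printf 'admin=%s\nguest=%s\n' "$admin_pw" "$guest_pw" > clickhouse-credentials.txt )
fi
```

With the port bound to loopback, the CLI has to run on the same host as the container, or reach it through a tunnel.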

Configure Environment: Set your API keys

export GITHUB_TOKEN="your_github_token"
export ANTHROPIC_AUTH_TOKEN="your_anthropic_token"

4. Basic Workflow

# 1. Search and collect data
chatsbom github search --language go --min-stars 10000
chatsbom github repo --language go
chatsbom github release --language go
chatsbom github commit --language go
chatsbom github content --language go

# 2. Generate and index SBOMs
chatsbom sbom generate --language go
chatsbom db index --language go

# 3. Query insights
chatsbom db status
chatsbom db query gin
chatsbom chat

Use Case: Analyzing Framework Adoption

Find the most popular projects depending on a specific library (e.g., gin) using natural language.

Download files

Source Distribution

chatsbom-0.5.1.tar.gz (38.9 MB)

Uploaded Source

Built Distribution

chatsbom-0.5.1-py3-none-any.whl (51.3 kB)

Uploaded Python 3

File details

Details for the file chatsbom-0.5.1.tar.gz.

File metadata

  • Download URL: chatsbom-0.5.1.tar.gz
  • Upload date:
  • Size: 38.9 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for chatsbom-0.5.1.tar.gz
Algorithm Hash digest
SHA256 8de48c3b1a2cb614017493aa93f5465ef3533d1a594e899d122d9b0575f87d63
MD5 42cd21cc173b58a98bf0b0cf4179772b
BLAKE2b-256 764507ee9495e77f3d53582e92e5c13de1dc8b139374c9721d25c8e59db7e6c8

File details

Details for the file chatsbom-0.5.1-py3-none-any.whl.

File metadata

  • Download URL: chatsbom-0.5.1-py3-none-any.whl
  • Upload date:
  • Size: 51.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for chatsbom-0.5.1-py3-none-any.whl
Algorithm Hash digest
SHA256 fda8cf3f341ce49453941eb72460238bf59f8da4166d41f2feba3a6dff30622a
MD5 e9ffcd90c108f403d0289c5f2c7a9112
BLAKE2b-256 a01ab0b47af47cc3a94d51d9be7f4b2b105a6cc95cce2d57f9e47e03bf042c0c
