ChatSBOM - Talk to your Supply Chain. Chat with SBOMs.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for WangYihang from gravatar.com WangYihang

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.12
Report project as malware

Project description

ChatSBOM

Talk to your Supply Chain. Chat with SBOMs.

ChatSBOM is a CLI tool for indexing and querying Software Bill of Materials (SBOM) data, providing deep insights into project dependencies.

Gin

Demo

Features

  • Discover: Find high-quality repositories on GitHub by stars and language.
  • Collect: Enrich metadata and fetch dependency files (go.mod, package.json, etc.).
  • Generate: Transform files into standard SBOM format using Syft.
  • Index: Load SBOM data into ClickHouse for high-performance queries.
  • Query: Use the CLI for stats/searches to get insights into project dependencies.
  • Chat: Use the AI-powered natural language chat to chat with SBOM data.

Getting Started

1. Prerequisites

  • Docker (for ClickHouse)
  • Syft (for SBOM generation)
  • uv (for AI-powered chat feature)

2. Installation

# Via pip
pip install chatsbom

# Via pipx
pipx install chatsbom

# Or run directly via uvx
uvx chatsbom

3. Setup

Start Database

Option 1: Using docker compose

docker compose up -d

Option 2: Using docker run

docker run -d --name clickhouse -p 8123:8123 --ulimit nofile=262144:262144 clickhouse/clickhouse-server:25.12-alpine
docker exec clickhouse clickhouse-client -q "CREATE DATABASE IF NOT EXISTS chatsbom"
docker exec clickhouse clickhouse-client -q "CREATE USER IF NOT EXISTS admin IDENTIFIED BY 'admin'"
docker exec clickhouse clickhouse-client -q "GRANT ALL ON *.* TO admin WITH GRANT OPTION"
docker exec clickhouse clickhouse-client -q "CREATE USER IF NOT EXISTS guest IDENTIFIED BY 'guest'"
docker exec clickhouse clickhouse-client -q "GRANT SELECT ON chatsbom.* TO guest"
docker exec clickhouse clickhouse-client -q "ALTER USER guest SET PROFILE readonly"

Configure Environment: Set your API keys

export GITHUB_TOKEN="your_github_token"
export ANTHROPIC_AUTH_TOKEN="your_anthropic_token"

4. Basic Workflow

# 1. Search and collect data
chatsbom github search --language go --min-stars 10000
chatsbom github repo --language go
chatsbom github release --language go
chatsbom github commit --language go
chatsbom github content --language go

# 2. Generate and index SBOMs
chatsbom sbom generate --language go
chatsbom db index --language go

# 3. Query insights
chatsbom db status
chatsbom db query gin
chatsbom chat

Use Case: Analyzing Framework Adoption

Find the most popular projects depending on a specific library (e.g., gin) using natural language.

Query

Result

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for WangYihang from gravatar.com WangYihang

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.12

Release history Release notifications | RSS feed

0.5.4

0.5.3

This version

0.5.2

0.5.1

0.5.0

0.4.0

0.3.0

0.2.10

0.2.9

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

chatsbom-0.5.2.tar.gz (39.1 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

chatsbom-0.5.2-py3-none-any.whl (51.9 kB view details)

Uploaded Python 3

File details

Details for the file chatsbom-0.5.2.tar.gz.

File metadata

  • Download URL: chatsbom-0.5.2.tar.gz
  • Upload date:
  • Size: 39.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for chatsbom-0.5.2.tar.gz
Algorithm Hash digest
SHA256 d4f1c105e575d0fdc6f312bffdebbc50a49d632dea4f11bd08c0b87604fb55ed
MD5 85f523dbb800831cc84b9fa82cf2c048
BLAKE2b-256 c6ec496fa481c4ae2996c9ac36a9d4c5c27b0dfe49f0a87523448807fb2fc283

See more details on using hashes here.

File details

Details for the file chatsbom-0.5.2-py3-none-any.whl.

File metadata

  • Download URL: chatsbom-0.5.2-py3-none-any.whl
  • Upload date:
  • Size: 51.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for chatsbom-0.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 0b27813c6e0afa669169897feaaf452ad4ab6ce8297cef37dc7a556e887a9e3d
MD5 534493a8fe83da6c79925a65f812950c
BLAKE2b-256 7f60060339ccf4f08b85ebea0b0674fa68490c7c47e92c266cf352dbba5501d1

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page