CycloneDX Software Bill of Materials (SBOM) generation utility
Project description
CycloneDX Python SBOM Generation Tool
This project provides a runnable Python-based application for generating CycloneDX bill-of-material documents from either:
- Your current Python Environment
- Your project's manifest (e.g. Pipfile.lock, poetry.lock or requirements.txt)
- Conda as a Package Manager
The BOM will contain an aggregate of all your current project's dependencies, or those defined by the manifest you supply.
CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple to parse.
Read the full documentation for more details.
Installation
Install this from PyPi.org using your preferred Python package manager.
Example using pip:
pip install cyclonedx-bom
Example using poetry:
poetry add cyclonedx-bom
Usage
Basic usage
$ cyclonedx-bom --help
usage: cyclonedx-bom [-h] (-c | -cj | -e | -p | -pip | -r) [-i FILE_PATH]
                     [--format {json,xml}]
                     [--schema-version {1.4,1.3,1.2,1.1,1.0}] [-o FILE_PATH]
                     [-F] [-X]

CycloneDX SBOM Generator

optional arguments:
  -h, --help            show this help message and exit
  -c, --conda           Build a SBOM based on the output from `conda list
                        --explicit` or `conda list --explicit --md5`
  -cj, --conda-json     Build a SBOM based on the output from `conda list
                        --json`
  -e, --e, --environment
                        Build a SBOM based on the packages installed in your
                        current Python environment (default)
  -p, --p, --poetry     Build a SBOM based on a Poetry poetry.lock's contents.
                        Use with -i to specify absolute path to a
                        `poetry.lock` you wish to use, else we'll look for one
                        in the current working directory.
  -pip, --pip           Build a SBOM based on a PipEnv Pipfile.lock's contents.
                        Use with -i to specify absolute path to a
                        `Pipefile.lock` you wish to use, else we'll look for
                        one in the current working directory.
  -r, --r, --requirements
                        Build a SBOM based on a requirements.txt's contents.
                        Use with -i to specify absolute path to a
                        `requirements.txt` you wish to use, else we'll look for
                        one in the current working directory.
  -X                    Enable debug output

Input Method:
  Flags to determine how `cyclonedx-bom` obtains it's input

  -i FILE_PATH, --in-file FILE_PATH
                        File to read input from. Use "-" to read from STDIN.

SBOM Output Configuration:
  Choose the output format and schema version

  --format {json,xml}   The output format for your SBOM (default: xml)
  --schema-version {1.4,1.3,1.2,1.1,1.0}
                        The CycloneDX schema version for your SBOM (default:
                        1.4)
  -o FILE_PATH, --o FILE_PATH, --output FILE_PATH
                        Output file path for your SBOM (set to '-' to output to
                        STDOUT)
  -F, --force           If outputting to a file and the stated file already
                        exists, it will be overwritten.
  -pb, --purl-bom-ref   Use a component's purl for the bom-ref value, instead
                        of a random UUID
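Once a BOM has been generated (for example with `--format json --purl-bom-ref`), a consumer still has to check that it is usable before relying on it: every component should carry a purl so it can be matched against vulnerability data, and every `dependencies` edge should resolve to a declared bom-ref. The following is an added example, not code from the cyclonedx-bom project; it runs over a constructed, trimmed CycloneDX 1.4 JSON document in the shape the tool emits, and the `load_components` and `check_sbom` function names are assumptions of this example.

```python
import json
from typing import Dict, List

# Constructed sample (not real tool output): a trimmed CycloneDX 1.4 JSON BOM
# in the shape `cyclonedx-bom --format json --purl-bom-ref` produces, where
# each bom-ref is the component's purl instead of a random UUID.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
        {"type": "library", "name": "requests", "version": "2.28.1",
         "purl": "pkg:pypi/requests@2.28.1", "bom-ref": "pkg:pypi/requests@2.28.1"},
        {"type": "library", "name": "urllib3", "version": "1.26.12",
         "purl": "pkg:pypi/urllib3@1.26.12", "bom-ref": "pkg:pypi/urllib3@1.26.12"},
        # A locally installed package with no purl: cannot be matched to advisories.
        {"type": "library", "name": "localpkg", "version": "0.1",
         "bom-ref": "pkg:pypi/localpkg@0.1"},
    ],
    "dependencies": [
        {"ref": "pkg:pypi/requests@2.28.1", "dependsOn": ["pkg:pypi/urllib3@1.26.12"]},
        {"ref": "pkg:pypi/urllib3@1.26.12", "dependsOn": []},
        # Edge to a ref that no component declares (a dangling dependency).
        {"ref": "pkg:pypi/localpkg@0.1", "dependsOn": ["pkg:pypi/missing@9.9"]},
    ],
})


def load_components(sbom_text: str) -> Dict[str, dict]:
    """Map every component's bom-ref to its component entry."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {c["bom-ref"]: c for c in doc.get("components", [])}


def check_sbom(sbom_text: str) -> List[str]:
    """Return findings a reviewer wants before trusting the BOM: components
    without a purl and dependency edges that reference undeclared bom-refs."""
    doc = json.loads(sbom_text)
    comps = load_components(sbom_text)
    findings = []
    for comp in comps.values():
        if "purl" not in comp:
            findings.append(f"no purl: {comp['name']}@{comp.get('version', '?')}")
    for dep in doc.get("dependencies", []):
        if dep["ref"] not in comps:
            findings.append(f"dependency ref not in components: {dep['ref']}")
        for target in dep.get("dependsOn", []):
            if target not in comps:
                findings.append(f"dangling dependsOn {dep['ref']} -> {target}")
    return sorted(findings)
```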
Advanced usage and details
See the full documentation for advanced usage and details on input formats, switches and options.
Python Support
We endeavour to support all functionality for all current actively supported Python versions. However, some features may not be possible/present in older Python versions due to their lack of support.
Contributing
Feel free to open issues, bug reports or pull requests.
See the CONTRIBUTING file for details.
Copyright & License
CycloneDX BOM is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.
Hashes for cyclonedx_bom-3.5.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | da06ff3388ec0ffa874cf6bf1fe4da79ebc89e7cb69202bb1c0fb7744208fcb9
MD5 | a7537dc1f679b18b08ca2781b14ff0e7
BLAKE2-256 | 4d4a561bba7e2ce3e7b8cbf90cff2de2cb87cfab73a5b3886d4344cf7259aa61