A utility to create SBOM Reports in the SPDX or CDX formats
Project description
Mend SBOM Cli
Generation SBOM reports in the SPDX or CycloneDx formats
Supported Operating Systems
- Linux (Bash): CentOS, Debian, Ubuntu
- Windows (PowerShell): 10, 2012, 2016
Prerequisites
- Python 3.9+
- Mend user with admin permissions
Installation
$ pip install mend-sbom-export-cli
Note: Depending on whether the package was installed as a root user or not, you need to make sure the package installation location was added to the
$PATHenvironment variable.
Configuration Parameters
Note: Parameters can be specified as either command-line arguments, environment variables, or a combination of both.
Command-line arguments take precedence over environment variables.
| CLI argument | Env. Variable | Type | Required | Description |
|---|---|---|---|---|
| ‑‑help | switch |
No | Show help and exit | |
| ‑‑api-key | WS_APIKEY |
string |
No* | Mend API Key |
| ‑‑service | WS_SERVICEUSER |
string |
No* | Mend Service User email |
| ‑‑user-key | WS_USERKEY |
string |
Yes | Mend User Key (your own personal user key if Mend API Key provided or user key of service user) |
| ‑‑url | WS_WSS_URL |
string |
Yes | Mend Server URL |
| ‑‑product | WS_PRODUCTTOKEN |
string |
No | Empty String (Include all products). Comma-separated list of Mend Product Tokens that should be included |
| ‑‑project | WS_PROJECTTOKEN |
string |
No | Empty String (Include all projects). Comma-separated list of Mend Project Tokens that should be included |
| ‑‑exclude | WS_EXCLUDETOKEN |
string |
No | Empty String (No exclusions).Commsa-separated list of Mend Project Tokens that should be excluded |
| ‑‑licensetext | bool |
No | Include full license text for all libraries (default: False) |
|
| ‑‑dir | string |
No | Output directory for the report files (default: current folder) |
|
| ‑‑type | string |
No | Report format [spdx cdx] (default: spdx) |
|
| ‑‑threads | int |
No | Number of threads to run in parallel for report generation (default: 10) |
* One of the parameters must be specified (Api-key or Mend Service User email).
The Service User or your user should have the rights to work with the requested org/product/projects.
Execution Examples
Using command-line arguments only:
sbom_export_cli --user-key WS_USERKEY --api-key WS_APIKEY --url $WS_WSS_URL --product `ProductToken1`,`ProductToken2` --project `ProjectToken` --dir $OUTPUT_DIRECTORY
Using environment variables:
export WS_USERKEY=xxxxxxxxxxx
export WS_APIKEY=xxxxxxxxxxx
export WS_WSS_URL=https://saas.mend.io
sbom_export_cli --product `ProductToken`
Note: Either form is accepted. For the rest of the examples, the latter form would be used
Note: In the following examples, $WS_USERKEY, $WS_APIKEY and $WS_WSS_URL are assumed to have been exported as environment variables.
Create CycloneDx SBOM reports
$ sbom_export_cli --project "$WS_PROJECTTOKEN" --dir $HOME/reports --type cdx
Create SPDX reports
$ sbom_export_cli --product "$WS_PRODUCTTOKEN" --dir $HOME/reports --licensetext True
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for mend_sbom_export_cli-23.12.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 40ed63d0eed435d3019f1626cc90d5d9a192997f61ffefb4e23b2311fe59adf9 |
|
| MD5 | 990e20e762183ca9210eaafe31ac1145 |
|
| BLAKE2b-256 | 288cff758c4e54a770ed03500406afc704d28c389336d3bba8c93c9047ab99db |
