Python agent for Metaport SBOM generation and reporting
Project description
What is this?
A client library which connects any Python app to a Metaport server using the CycloneDX SBOM standard for data interchange.
How to use
Introduction
The library will automatically generate an SBOM for your app, submit it to Metaport and subsequently delete it. Data can be sent using the HTTP or Email transports. See the docs site for example requests.
The library provides a single executable metaport.py. It's designed to be invoked on a schedule via cron from within an application's production environment or as part of a CI/CD pipeline.
This library supports traditional pip-based (requirements.txt), Poetry-based (pyproject.toml and poetry.lock), and Pipfile managed apps. Vulnerabilities will be reported to Metaport by it invoking the following commands (and in this order): poetry audit and pip-audit. If neither command is available, no vulnerability data will be sent (with --classic=1). If vulnerability data is required in this scenario, consider running a side-by-side instance of DependencyTrack, and configuring Metaport to it for dependencies and vulnerabilties (without passing --classic=1), instead of Poetry or Pip.
Requirements
This package requires Python 3.5+. If used as part of a CI/CD setup, it can be installed as a throwaway dependency via Poetry's --dev switch ala poetry add --dev, or as a permanent dependency of your PHP application.
Install
- Poetry
As part of production apps:
poetry add metaport-agent-python
- Pip
pip install metaport-agent-python
- Environment Variables
There are some environment variables which need to be set before the lib will operate correctly. Please see the docs site for more detailed installation and configuration instructions and examples.
Supported Frameworks and CMS's
Yours not listed? Contributions are very welcome. Please file an issue and issue a Merge Request, it's a one-line file change!
- Django
- Flask
- Quart
- Pyramid
- Bottle
- Wagtail
- Django CMS
- Pylons
- FastAPI
- Tornado
- CherryPy
- web2py
- Falcon
- Sanic
- Starlette
- Molten
- Klein
- wheezy
- turbogears
Development Setup
Virtual Environment
# Create virtual environment
python -m venv .venv
# Activate virtual environment
# On Linux/macOS:
source .venv/bin/activate
# On Windows:
.venv\Scripts\activate
# Install development dependencies
pip install -r requirements-dev.txt
Using Poetry
# Install Poetry if not already installed
pip install poetry
# Install dependencies
poetry install
# Activate virtual environment
poetry shell
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file metaport_agent_python-1.0.2.tar.gz.
File metadata
- Download URL: metaport_agent_python-1.0.2.tar.gz
- Upload date:
- Size: 40.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.18
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cfad3bcd7f8bd0b747b06fa3f817cd5734dfcb3a82a92e073daec35ee46eda60
|
|
| MD5 |
4deb8e1b6e56fbc255acef94fee31f69
|
|
| BLAKE2b-256 |
447afaa42047eb7728e751f42f1a942162376b3f08cc2f6245d89d5dc18d950a
|
File details
Details for the file metaport_agent_python-1.0.2-py3-none-any.whl.
File metadata
- Download URL: metaport_agent_python-1.0.2-py3-none-any.whl
- Upload date:
- Size: 48.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.18
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d73bc634e73fff2eea150778a2ba5f4a10ba31a1fcf5c3cceec503a48d5ce696
|
|
| MD5 |
e4fce6dfdfdfbae6f007cf1822594a15
|
|
| BLAKE2b-256 |
5dd58e6c59ca24a7a7dbbb63fca8b320089091a2737bcc59585557f18a859a4b
|
