A tool for generating and managing Software Bill of Materials (SBOM).

Project description

Mobster

The Mobster project is a Python-based tool and ecosystem for working with SBOM (Software Bill of Materials) documents. Its goal is to provide a unified interface for generating, manipulating and consuming SBOM documents in various formats.

The tool is designed to cover the whole lifecycle of SBOM documents. The major stages are:

  • Generation: Generate SBOM documents from various sources (Syft, Hermeto, etc.)
  • Augmentation: Augment SBOM documents with additional information that is not available at generation time. This is usually done in the release phase, when more information about the software is known.
  • Validation: Validate the quality of the SBOM document at different stages of the lifecycle. The validation follows the Product Security team guidelines.
  • Distribution: Distribute the SBOM document to various locations (e.g. Trusted Profile Analyzer, container registry, etc.)

Getting started

To use the Mobster tool, you need to install it first. There are multiple ways to install the tool:

Using pip

pip install mobster
mobster --help

Using container image

podman pull quay.io/konflux-ci/mobster:latest
podman run -it quay.io/konflux-ci/mobster:latest mobster --help

Development environment

Follow the instructions in the development-environment.md file to set up your development environment.

Contributing

We welcome contributions to the Mobster project! If you would like to contribute, please follow these steps:

  1. Fork the repository
  2. Create a new branch for your feature or bug fix
  3. Make your changes and commit them with a clear message following the conventional commit format (e.g. feat: add new feature or fix: fix a bug)
  4. Open a pull request to the main repository
  5. Make sure the CI checks pass and the code is properly formatted
  6. Wait for the review and address any comments or suggestions
  7. Once your changes are approved, they will be merged into the main branch
  8. Congratulations! You have successfully contributed to the Mobster project

Release process

The release process is automated using GitHub Actions and Konflux. The process is described in detail in the release.md file.

Documentation

The documentation for the Mobster project is available at the Mobster GitHub pages.

License

This project is licensed under the Apache License 2.0. See the LICENSE file for details.


Download files

Source Distribution

mobster-0.7.0.tar.gz (67.7 kB)

Uploaded Source

Built Distribution

mobster-0.7.0-py3-none-any.whl (88.5 kB)

Uploaded Python 3

File details

Details for the file mobster-0.7.0.tar.gz.

File metadata

  • Download URL: mobster-0.7.0.tar.gz
  • Upload date:
  • Size: 67.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for mobster-0.7.0.tar.gz
Algorithm Hash digest
SHA256 a3cb53fac26e52b95f6f1dc8cd0a8122e263553cad2f18fb6a74b2c5a0f6e8fb
MD5 ca24b25cfa815827131b8e9e0c4877c5
BLAKE2b-256 51bf04c1cc67383277dd8a6eb556637faf981c3575aa2402441d9940b2fbc84f

Provenance

The following attestation bundles were made for mobster-0.7.0.tar.gz:

Publisher: release.yaml on konflux-ci/mobster

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mobster-0.7.0-py3-none-any.whl.

File metadata

  • Download URL: mobster-0.7.0-py3-none-any.whl
  • Upload date:
  • Size: 88.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for mobster-0.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8091ac2b05cc986bda993b2e7b184932f88bbc8551bc8e89f6425b428e29704c
MD5 6a59884a3cad28092be188ed0b2572a7
BLAKE2b-256 df232e9f798446d044ffc1b618c834b1cbb316b3875169977eea018d07394266

Provenance

The following attestation bundles were made for mobster-0.7.0-py3-none-any.whl:

Publisher: release.yaml on konflux-ci/mobster
