An experimental tool to generate CycloneDX BOM from running Python processes
Project description
pycomponents
An experimental tool to generate CycloneDX SBOM from running Python processes.
Requirements
- Linux and macOS (not tested with Windows)
- Python 3.8+ (tested with Python 3.8, 3.9 and 3.10)
Installation
pip install py-sbom-components
Note: Initially I planned to publish this tool as pycomponents, but it is prohibited by the following restriction.
HTTP Error 400: The name 'pycomponents' is too similar to an existing project. See https://pypi.org/help/#project-name for more information.
Thus, I use this slightly lengthy name.
Usage
$ pycomponents --help
Usage: pycomponents [OPTIONS]

Options:
  --output-format [xml|json]      The output format for your SBOM  [default: json]
  --output-dir TEXT               The output directory  [default: ./]
  --allow-overwrite / --no-allow-overwrite
                                  Whether to allow overwriting if the same file exists  [default: allow-overwrite]
  --exclude-pids INTEGER          A list of pids to exclude
  --install-completion [bash|zsh|fish|powershell|pwsh]
                                  Install completion for the specified shell.
  --show-completion [bash|zsh|fish|powershell|pwsh]
                                  Show completion for the specified shell, to copy it or customize the installation.
  --help                          Show this message and exit.
Example
See example.
What is the difference from cyclonedx-bom?
cyclonedx-bom's BOM comes from:
- Python Environment
- Project's manifest (e.g. Pipfile.lock, poetry.lock or requirements.txt)
pycomponents uses a different approach to generate the SBOM:
- List the running Python processes
- Generate components from the site packages those Python processes use
- Look up vulnerabilities for those components using OSV and cve-search
Thus pycomponents generates a mixed SBOM that is half runtime (which processes are running) and half static (which packages are installed for them).
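To make the static half of that pipeline concrete, here is an added example (not pycomponents' own code) that reads the *.dist-info metadata in a site-packages directory and emits a minimal CycloneDX 1.4 JSON BOM with pkg:pypi purls, which is the identifier a vulnerability lookup keys on. The site-packages fixture is constructed in a temporary directory, and the `example:observed-pids` property name is an assumption of this example, not one defined by the tool or the CycloneDX spec.

```python
import json
import tempfile
from email.parser import Parser
from pathlib import Path
from typing import Dict, List


def components_from_site_packages(site_packages: str) -> List[Dict]:
    """Turn every *.dist-info directory under site_packages into a CycloneDX
    component; name/version come from METADATA, not the directory name."""
    components = []
    for dist_info in sorted(Path(site_packages).glob("*.dist-info")):
        meta_file = dist_info / "METADATA"
        if not meta_file.is_file():
            continue  # broken install with no metadata: nothing to report
        meta = Parser().parsestr(meta_file.read_text(encoding="utf-8"))
        name, version = meta["Name"], meta["Version"]
        components.append({
            "type": "library",
            "name": name,
            "version": version,
            # Package URL is the key a vulnerability lookup (OSV, cve-search) uses.
            "purl": f"pkg:pypi/{name.lower()}@{version}",
        })
    return components


def build_bom(components: List[Dict], pids: List[int]) -> Dict:
    """Minimal CycloneDX 1.4 JSON document. The property name is an assumption
    of this example, not something pycomponents or the spec defines."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "metadata": {"properties": [
            {"name": "example:observed-pids", "value": ",".join(map(str, pids))}]},
        "components": components,
    }


def bom_to_json(bom: Dict) -> str:
    return json.dumps(bom, indent=2, sort_keys=True)


def make_sample_site_packages() -> str:
    """Constructed fixture: a throwaway site-packages with two dist-info dirs."""
    root = tempfile.mkdtemp(prefix="fake-site-packages-")
    for name, version in [("requests", "2.28.1"), ("urllib3", "1.26.9")]:
        dist_info = Path(root) / f"{name}-{version}.dist-info"
        dist_info.mkdir()
        (dist_info / "METADATA").write_text(
            f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n")
    return root
```

Pointing `components_from_site_packages` at the real site-packages of each running interpreter is the runtime half the tool adds on top of this.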
File details
Details for the file py-sbom-components-0.2.1.tar.gz.
File metadata
- Download URL: py-sbom-components-0.2.1.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.14 CPython/3.9.6 Darwin/21.5.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 45f64c8e82130e72d99b3ebeabf7d671ab29824a3d7d0e8faed205b43edd858b |
| MD5 | 05c94af59b23dfac7b25c9988295a2e0 |
| BLAKE2b-256 | 9b7247d3664a99d519f04657bd568f55270e0487ec6103d2a9928175fd823d59 |
File details
Details for the file py_sbom_components-0.2.1-py3-none-any.whl.
File metadata
- Download URL: py_sbom_components-0.2.1-py3-none-any.whl
- Upload date:
- Size: 13.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.14 CPython/3.9.6 Darwin/21.5.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 545917be1626d0cc0df81448f438e677f500346a0ab94150c743cddb94d32e90 |
| MD5 | 6b7427a97ea8392ccdab4060c2264a0d |
| BLAKE2b-256 | 446a44d4c0494f8ddc13029014183fb34c130636d2556f5fbb3dd7acdc1841eb |