An experimental tool to generate CycloneDX BOM from running Python processes
Project description
pycomponents
An experimental tool to generate CycloneDX SBOM from running Python processes.
Requirements
- Linux and macOS (not tested with Windows)
- Python 3.8+ (tested with Python 3.8, 3.9 and 3.10)
Installation
pip install py-sbom-components
Note: Initially I planned to publish this tool as pycomponents. But that name is prohibited by the following restriction:
HTTP Error 400: The name 'pycomponents' is too similar to an existing project. See https://pypi.org/help/#project-name for more information.
Thus, I use this slightly lengthy name.
Usage
$ pycomponents --help
Usage: pycomponents [OPTIONS]
Options:
  --output-format [xml|json]                  The output format for your SBOM [default: json]
  --output-dir TEXT                           The output directory [default: ./]
  --allow-overwrite / --no-allow-overwrite    Whether to allow overwriting if the same file exists [default: allow-overwrite]
  --exclude-pids INTEGER                      A list of pids to exclude
  --install-completion [bash|zsh|fish|powershell|pwsh]
                                              Install completion for the specified shell.
  --show-completion [bash|zsh|fish|powershell|pwsh]
                                              Show completion for the specified shell, to copy it or customize the installation.
  --help                                      Show this message and exit.
Example
See example.
What is the difference from cyclonedx-bom?
cyclonedx-bom builds its BOM from static inputs:
- the Python environment (installed distributions)
- the project's manifest (e.g. Pipfile.lock, poetry.lock or requirements.txt)
pycomponents uses a different approach to generate the SBOM:
- enumerate the running Python processes on the host
- generate components from the site-packages distributions those processes actually use
- attach vulnerability data to the components by querying OSV and cve-search
Thus pycomponents generates a hybrid SBOM: the component list is derived from what is running (runtime), while the package metadata and vulnerability lookups are static. Packages that are installed but not loaded by any process at the time of the scan do not appear, which is the point of the tool and also a caveat when reading its output.
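The runtime side of that approach, as an added example written for this page (it is not pycomponents' own source): map the files one process has loaded back to the installed distribution that owns them via each `*.dist-info/RECORD`, emit CycloneDX components with a `pkg:pypi/...` purl, and build the body of an OSV batch query for them. The site-packages tree and the per-process file list are constructed in a temporary directory so the script runs offline; how pycomponents itself enumerates processes and their files is not described on this page (on Linux the usual sources are `/proc/<pid>/maps` or `psutil.Process(pid).open_files()`), and the OSV request is only built here, not sent.

```python
import json
import tempfile
from email.parser import HeaderParser
from pathlib import Path


def build_fake_site_packages(root):
    """Lay out a constructed site-packages tree with two installed distributions.
    Constructed for this demo only; a real collector reads the interpreter's real tree."""
    sp = root / "lib" / "python3.10" / "site-packages"
    for dist, version, module in [("requests", "2.28.1", "requests"),
                                  ("urllib3", "1.26.12", "urllib3")]:
        (sp / module).mkdir(parents=True)
        (sp / module / "__init__.py").write_text("# stub module\n")
        info = sp / f"{dist}-{version}.dist-info"
        info.mkdir()
        (info / "METADATA").write_text(
            f"Metadata-Version: 2.1\nName: {dist}\nVersion: {version}\n")
        # RECORD lists every file the distribution installed as path,hash,size.
        (info / "RECORD").write_text(
            f"{module}/__init__.py,sha256=deadbeef,14\n"
            f"{dist}-{version}.dist-info/METADATA,,\n")
    return sp


def index_site_packages(sp):
    """Map every installed file (absolute, symlink-resolved) to (name, version)
    by reading each distribution's METADATA and RECORD."""
    index = {}
    for info in sp.glob("*.dist-info"):
        meta = HeaderParser().parsestr((info / "METADATA").read_text())
        for line in (info / "RECORD").read_text().splitlines():
            rel = line.split(",")[0]
            if rel:
                index[str((sp / rel).resolve())] = (meta["Name"], meta["Version"])
    return index


def components_for_process(open_files, index):
    """Turn the files one process has loaded into CycloneDX components, one per
    distribution. Files outside any distribution (the app's own code) are skipped."""
    seen = {}
    for path in open_files:
        hit = index.get(str(Path(path).resolve()))
        if hit:
            name, version = hit
            seen[hit] = {"type": "library", "name": name, "version": version,
                         "purl": f"pkg:pypi/{name}@{version}"}
    return sorted(seen.values(), key=lambda c: c["name"])


def osv_batch_query(components):
    """Request body for OSV's POST /v1/querybatch; built locally, not sent here."""
    return {"queries": [{"package": {"name": c["name"], "ecosystem": "PyPI"},
                         "version": c["version"]} for c in components]}


def runtime_bom_demo():
    with tempfile.TemporaryDirectory() as tmp:
        sp = build_fake_site_packages(Path(tmp))
        index = index_site_packages(sp)
        # Constructed stand-in for one PID's loaded-file list; includes one
        # non-package file to show that it is filtered out.
        open_files = [sp / "requests" / "__init__.py",
                      sp / "urllib3" / "__init__.py",
                      Path(tmp) / "app.py"]
        components = components_for_process(open_files, index)
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": components}


if __name__ == "__main__":
    bom = runtime_bom_demo()
    print(json.dumps(bom, indent=2))
    print(json.dumps(osv_batch_query(bom["components"]), indent=2))
```

Paths are resolved on both sides of the lookup so that symlinked prefixes (virtualenvs, macOS `/private/tmp`) still match. Note that pure-Python modules are closed once imported, so a real collector cannot rely on open file handles alone; mapped native extensions and the interpreter's `sys.path` are the more robust signals.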
Project details
Download files
Source Distribution
py-sbom-components-0.2.1.tar.gz (10.3 kB)
Built Distribution
py_sbom_components-0.2.1-py3-none-any.whl (13.4 kB)
File details
Details for the file py-sbom-components-0.2.1.tar.gz.
File metadata
- Download URL: py-sbom-components-0.2.1.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.14 CPython/3.9.6 Darwin/21.5.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | 45f64c8e82130e72d99b3ebeabf7d671ab29824a3d7d0e8faed205b43edd858b
MD5 | 05c94af59b23dfac7b25c9988295a2e0
BLAKE2b-256 | 9b7247d3664a99d519f04657bd568f55270e0487ec6103d2a9928175fd823d59
File details
Details for the file py_sbom_components-0.2.1-py3-none-any.whl.
File metadata
- Download URL: py_sbom_components-0.2.1-py3-none-any.whl
- Upload date:
- Size: 13.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.14 CPython/3.9.6 Darwin/21.5.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | 545917be1626d0cc0df81448f438e677f500346a0ab94150c743cddb94d32e90
MD5 | 6b7427a97ea8392ccdab4060c2264a0d
BLAKE2b-256 | 446a44d4c0494f8ddc13029014183fb34c130636d2556f5fbb3dd7acdc1841eb
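Neither artifact above was uploaded via Trusted Publishing, so the digests in the two tables are what a consumer can check against. The following is an added example written for this page (not part of the project) that verifies downloaded files against those digests and emits a hash-pinned requirements line for `pip install --require-hashes`. It assumes the artifacts were fetched into `dist/` with `pip download py-sbom-components==0.2.1 --no-deps -d dist`; the directory name is an assumption, and MD5 is deliberately left out of the check.

```python
import hashlib
import hmac
from pathlib import Path

# Digests copied from the file-hash tables on this page.
EXPECTED = {
    "py-sbom-components-0.2.1.tar.gz": {
        "sha256": "45f64c8e82130e72d99b3ebeabf7d671ab29824a3d7d0e8faed205b43edd858b",
        "blake2b_256": "9b7247d3664a99d519f04657bd568f55270e0487ec6103d2a9928175fd823d59",
    },
    "py_sbom_components-0.2.1-py3-none-any.whl": {
        "sha256": "545917be1626d0cc0df81448f438e677f500346a0ab94150c743cddb94d32e90",
        "blake2b_256": "446a44d4c0494f8ddc13029014183fb34c130636d2556f5fbb3dd7acdc1841eb",
    },
}


def digests(data):
    """Compute the same two digests PyPI publishes. PyPI's BLAKE2b-256 is
    BLAKE2b with a 32-byte output, not the default 64-byte BLAKE2b."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "blake2b_256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def check(data, expected):
    """Return the algorithms whose digest does not match; an empty list means OK.
    compare_digest avoids leaking where the mismatch is via timing."""
    got = digests(data)
    return [alg for alg, want in expected.items()
            if not hmac.compare_digest(got[alg], want)]


def hashed_requirement(name, version, sha256_digests):
    """One line for a requirements file consumed with `pip install --require-hashes`;
    listing both the sdist and wheel digests lets pip accept either artifact."""
    return f"{name}=={version} " + " ".join(
        f"--hash=sha256:{d}" for d in sha256_digests)


def verify_dir(dist_dir="dist"):
    """Check every expected artifact in dist_dir; missing files are reported too."""
    results = {}
    for fname, expected in EXPECTED.items():
        path = Path(dist_dir) / fname
        if not path.is_file():
            results[fname] = ["missing"]
            continue
        results[fname] = check(path.read_bytes(), expected)
    return results


if __name__ == "__main__":
    for fname, bad in verify_dir().items():
        print(f"{fname}: {'OK' if not bad else 'FAILED ' + ', '.join(bad)}")
    print(hashed_requirement("py-sbom-components", "0.2.1",
                             [v["sha256"] for v in EXPECTED.values()]))
```

The printed requirements line can be dropped into a requirements file as-is; with `--require-hashes` pip then refuses any future upload of 0.2.1 whose digest differs from the two recorded here.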