
An experimental tool to generate CycloneDX BOM from running Python processes

Project description

pycomponents


An experimental tool to generate CycloneDX SBOM from running Python processes.

Requirements

  • Linux and macOS (not tested with Windows)
  • Python 3.8+ (tested with Python 3.8, 3.9 and 3.10)

Installation

pip install py-sbom-components

Note: Initially I planned to publish this tool as pycomponents, but that was prohibited by the following restriction:

HTTP Error 400: The name 'pycomponents' is too similar to an existing project. See https://pypi.org/help/#project-name for more information.

Thus I use this slightly lengthy name.

Usage

$ pycomponents --help
Usage: pycomponents [OPTIONS]

Options:
  --output-format [xml|json]      The output format for your SBOM  [default:
                                  json]
  --output-dir TEXT               The output directory  [default: ./]
  --allow-overwrite / --no-allow-overwrite
                                  Whether to allow overwriting if the same
                                  file exists  [default: allow-overwrite]
  --exclude-pids INTEGER          A list of pids to exclude
  --install-completion [bash|zsh|fish|powershell|pwsh]
                                  Install completion for the specified shell.
  --show-completion [bash|zsh|fish|powershell|pwsh]
                                  Show completion for the specified shell, to
                                  copy it or customize the installation.
  --help                          Show this message and exit.

Example

See example.

What is the difference from cyclonedx-bom?

cyclonedx-bom derives its BOM from:

  • the Python environment
  • the project's manifest (e.g. Pipfile.lock, poetry.lock or requirements.txt)

pycomponents takes a different approach to generating an SBOM:

  • List the running Python processes
  • Generate components from the site-packages distributions those processes are actually using
  • Attach known vulnerabilities to those components by querying OSV and cve-search

Thus pycomponents produces a hybrid SBOM: the set of components is derived at runtime from live processes, while the version and vulnerability data come from static lookups (site-packages metadata, OSV and cve-search). A manifest-based BOM lists what was declared; a process-based one lists what is loaded, which is the set an attacker can actually reach.
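To make the runtime half of that approach concrete, here is an added example (not code from the pycomponents project) that resolves the files a running process has mapped back to installed distributions and emits a minimal CycloneDX 1.4 JSON document. It assumes Linux-style /proc/<pid>/maps text and a site-packages layout with .dist-info/METADATA and RECORD files; the maps excerpt and the site-packages tree are constructed inline so it runs offline. The vulnerability lookup step (OSV, cve-search) is deliberately left out, since it needs network access.

```python
"""Added example, not code from the pycomponents project: build a minimal
CycloneDX JSON BOM from the files a running Python process has mapped,
resolved to distributions through site-packages RECORD metadata.
The /proc/<pid>/maps excerpt and the site-packages tree are constructed."""
import json
import os
import re
import tempfile
from email.parser import Parser


def parse_maps(maps_text):
    """Return the distinct file paths named in /proc/<pid>/maps content.

    Each line has six fields; the sixth (path) is optional and may be a
    pseudo-path such as [heap] or [vdso], which we skip.
    """
    paths = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/") and fields[5] not in paths:
            paths.append(fields[5])
    return paths


def normalize(name):
    """PEP 503 name normalization, as used in pkg:pypi purls."""
    return re.sub(r"[-_.]+", "-", name).lower()


def index_site_packages(site_packages):
    """Map every installed file (absolute path) to its (name, version) via RECORD."""
    index = {}
    for entry in os.listdir(site_packages):
        if not entry.endswith(".dist-info"):
            continue
        dist_dir = os.path.join(site_packages, entry)
        with open(os.path.join(dist_dir, "METADATA"), encoding="utf-8") as fh:
            meta = Parser().parse(fh)  # METADATA is RFC 822 style headers
        name, version = normalize(meta["Name"]), meta["Version"]
        with open(os.path.join(dist_dir, "RECORD"), encoding="utf-8") as fh:
            for row in fh:
                rel = row.split(",", 1)[0].strip()  # RECORD: path,hash,size
                if rel:
                    index[os.path.normpath(os.path.join(site_packages, rel))] = (name, version)
    return index


def components_for_paths(paths, index):
    """CycloneDX components for the distributions owning the given mapped files."""
    seen = {}
    for p in paths:
        hit = index.get(os.path.normpath(p))
        if hit and hit not in seen:
            name, version = hit
            seen[hit] = {"type": "library", "name": name, "version": version,
                         "purl": f"pkg:pypi/{name}@{version}"}
    return list(seen.values())


def make_bom(components):
    """Wrap components in a minimal CycloneDX 1.4 JSON document."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": components}


# Constructed sample distributions: dist-info dir -> (METADATA text, installed files)
SAMPLE_DISTS = {
    "requests-2.28.1.dist-info": ("Name: requests\nVersion: 2.28.1\n",
                                  ["requests/__init__.py", "requests/api.py"]),
    "charset_normalizer-3.1.0.dist-info": ("Name: charset-normalizer\nVersion: 3.1.0\n",
                                           ["charset_normalizer/md.cpython-310-x86_64-linux-gnu.so"]),
}


def build_sample_site_packages(root):
    """Create a fake site-packages tree with METADATA and RECORD files."""
    sp = os.path.join(root, "site-packages")
    for dist, (metadata, files) in SAMPLE_DISTS.items():
        dist_dir = os.path.join(sp, dist)
        os.makedirs(dist_dir)
        with open(os.path.join(dist_dir, "METADATA"), "w", encoding="utf-8") as fh:
            fh.write(metadata)
        with open(os.path.join(dist_dir, "RECORD"), "w", encoding="utf-8") as fh:
            fh.write("".join(f"{f},,\n" for f in files))
        for f in files:
            path = os.path.join(sp, f)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
    return sp


def demo():
    with tempfile.TemporaryDirectory() as root:
        sp = build_sample_site_packages(root)
        # Constructed maps excerpt: libc (not a PyPI package), a mapped C
        # extension from site-packages, the heap, and the interpreter binary.
        maps_text = (
            "7f1a00000000-7f1a00200000 r-xp 00000000 fd:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
            f"7f1a00400000-7f1a00420000 r-xp 00000000 fd:01 5678 {sp}/charset_normalizer/md.cpython-310-x86_64-linux-gnu.so\n"
            "7f1a00600000-7f1a00800000 rw-p 00000000 00:00 0 [heap]\n"
            "55d000000000-55d000400000 r-xp 00000000 fd:01 42 /usr/bin/python3.10\n"
        )
        # Pure-Python modules are read, not mmapped, so a real tool would also
        # consult open file descriptors; one such path is added here by hand.
        paths = parse_maps(maps_text) + [os.path.join(sp, "requests", "api.py")]
        return make_bom(components_for_paths(paths, index_site_packages(sp)))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Note the two failure modes the code handles: mapped files that belong to no distribution (libc, the interpreter) are silently dropped rather than guessed at, and pure-Python modules never appear in the memory map at all, so a tool that relies on mmap data alone under-reports; that is the gap the extra `requests/api.py` path stands in for.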

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

py-sbom-components-0.2.1.tar.gz (10.3 kB)

Built Distribution

py_sbom_components-0.2.1-py3-none-any.whl (13.4 kB)
