Project description

SBOM for RPM

SBOM4RPM uses existing rpm and dnf features to resolve all dependencies of one or multiple RPM packages and generates an SBOM for each .rpm.

Start a container for building the custom RPM project and mount its directory into it. For example:

podman run -it -v <path-to-project>:/var/<your-project> <build-container> /bin/bash

Proceed by building the custom RPM project and create a repomd (xml-based rpm metadata) repository for your output directory:

# assuming all rpms have been put into '/tmp/custom-artifacts'
createrepo_c /tmp/custom-artifacts

Then install and run SBOM4RPMs:

pip install sbom4rpms
sbom4rpms --rpm-dir=/tmp/custom-artifacts/ --collect-dependencies --sbom-format=spdx --sbom-dir=sboms

The example directory provides collected data and generated SBOMs for BlueChi.

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

This version

0.0.2

Apr 22, 2024

0.0.1

Apr 22, 2024

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Uploaded Apr 22, 2024 Source

Uploaded Apr 22, 2024 Python 3

Hashes for sbom4rpms-0.0.2.tar.gz
Algorithm	Hash digest
SHA256	`03414e58ec67b29ac518bbbb15457d0456b00fa0dc4b21ef462fa5aa10140af8`
MD5	`5ade67c922e09b739a82683b3e99c88d`
BLAKE2b-256	`ba8e3d9171bc7a272b0547d5a617b9c33579b40118d02399400727741aedc924`

Hashes for sbom4rpms-0.0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`b576edc56150412c8da6482095773dfd80f0443397431ad8c1b1fdc9a39ccde2`
MD5	`433cb2793ecf6f2b43b29b2683a21251`
BLAKE2b-256	`f96fbfe5da0b543b479e4b47a99f3ac59ff3024e97d08dabb990dd09be87b932`