SBOM for RPM

SBOM4RPMs uses existing rpm and dnf features to resolve all dependencies of one or more RPM packages and generates an SBOM for each .rpm.

Usage

Start a container for building the custom RPM project and mount its directory into it. For example:

podman run -it -v <path-to-project>:/var/<your-project> <build-container> /bin/bash

Proceed by building the custom RPM project and creating a repomd (XML-based RPM metadata) repository for your output directory:

# assuming all rpms have been put into '/tmp/custom-artifacts'
createrepo_c /tmp/custom-artifacts

Then install and run SBOM4RPMs:

pip install sbom4rpms
sbom4rpms --rpm-dir=/tmp/custom-artifacts/ --collect-dependencies --sbom-format=spdx --sbom-dir=sboms
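
A check one might run over the generated SBOMs before relying on them, as an added example that is not part of SBOM4RPMs. It assumes the output is SPDX 2.x JSON (the page does not state the serialization); `audit_spdx` and the sample document are constructed for illustration.

```python
import json

# Constructed sample: a minimal SPDX 2.3 JSON document (not real tool output).
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [
        {"SPDXID": "SPDXRef-example-app", "name": "example-app", "versionInfo": "1.0-1",
         "checksums": [{"algorithm": "SHA256", "checksumValue": "0" * 64}]},
        {"SPDXID": "SPDXRef-libfoo", "name": "libfoo", "versionInfo": "2.3-4"},
        {"SPDXID": "SPDXRef-libbar", "name": "libbar",
         "checksums": [{"algorithm": "SHA256", "checksumValue": "1" * 64}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-example-app"},
        {"spdxElementId": "SPDXRef-example-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-libfoo"},
        {"spdxElementId": "SPDXRef-example-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-libbaz"},
    ],
})


def audit_spdx(text):
    """Return a sorted list of (issue, subject) findings for one SPDX JSON SBOM."""
    doc = json.loads(text)
    packages = {p["SPDXID"]: p for p in doc.get("packages", [])}
    known = set(packages) | {doc.get("SPDXID"), "NOASSERTION", "NONE"}
    findings = []
    for spdx_id, pkg in packages.items():
        if not pkg.get("versionInfo"):
            findings.append(("missing-version", spdx_id))
        if not pkg.get("checksums"):
            findings.append(("missing-checksum", spdx_id))
    linked = set()
    for rel in doc.get("relationships", []):
        for end in (rel["spdxElementId"], rel["relatedSpdxElement"]):
            linked.add(end)
            if end not in known:
                findings.append(("dangling-reference", end))
    # A package nobody relates to cannot be traced back to the described RPM.
    findings += [("unlinked-package", i) for i in packages if i not in linked]
    return sorted(set(findings))


if __name__ == "__main__":
    for issue, subject in audit_spdx(SAMPLE_SBOM):
        print(f"{issue}: {subject}")
```

A dangling reference means a dependency was named but never described, so its version and checksum cannot be matched against advisories or the installed RPM.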

Example: BlueChi

The example directory provides collected data and generated SBOMs for BlueChi.
