Project description

SBOM for RPM

SBOM4RPM uses existing rpm and dnf features to resolve all dependencies of one or multiple RPM packages and generates an SBOM for each .rpm.

Start a container for building the custom RPM project and mount its directory into it. For example:

podman run -it -v <path-to-project>:/var/<your-project> <build-container> /bin/bash

Proceed by building the custom RPM project and create a repomd (xml-based rpm metadata) repository for your output directory:

# assuming all rpms have been put into '/tmp/custom-artifacts'
createrepo_c /tmp/custom-artifacts

Then install and run SBOM4RPMs:

pip install sbom4rpms
sbom4rpms --rpm-dir=/tmp/custom-artifacts/ --collect-dependencies --sbom-format=spdx --sbom-dir=sboms

The example directory provides collected data and generated SBOMs for BlueChi.

These details have not been verified by PyPI

This version

0.0.2

Apr 22, 2024

0.0.1

Apr 22, 2024

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Uploaded Apr 22, 2024 Source

Uploaded Apr 22, 2024 Python 3

Details for the file sbom4rpms-0.0.2.tar.gz.

Hashes for sbom4rpms-0.0.2.tar.gz
Algorithm	Hash digest
SHA256	`03414e58ec67b29ac518bbbb15457d0456b00fa0dc4b21ef462fa5aa10140af8`
MD5	`5ade67c922e09b739a82683b3e99c88d`
BLAKE2b-256	`ba8e3d9171bc7a272b0547d5a617b9c33579b40118d02399400727741aedc924`

Details for the file sbom4rpms-0.0.2-py3-none-any.whl.

Hashes for sbom4rpms-0.0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`b576edc56150412c8da6482095773dfd80f0443397431ad8c1b1fdc9a39ccde2`
MD5	`433cb2793ecf6f2b43b29b2683a21251`
BLAKE2b-256	`f96fbfe5da0b543b479e4b47a99f3ac59ff3024e97d08dabb990dd09be87b932`