WS SBOM Generator in SPDX format
Project description
WS SBOM Report Generator in SPDX format
CLI Tool and a Docker image to generate SBOM report in SPDX format.
- The tool can generate reports on the following scopes (defined with: -s/WS_SCOPE):
- Project token - the tool will generate report on project token.
- Product token - teh tool will generate report on all the projects within the product.
- No Token specified - the tool will generate report on all the projects within the organization.
- The tool utilizes spdx-tools.
- The tool accepts additional values which are unknown to WhiteSource via
sbom_extra.json. - If URL is not stated (defined with: -a/WS_URL), the tool will access saas.
- If report type is not stated (defined with: -t/WS_REPORT_TYPE) the tool will generate the report in tag-value format.
- Supported file formats: json, tv, rdf, xml and yaml.
Supported Operating Systems
- Linux (Bash): CentOS, Debian, Ubuntu, RedHat
- Windows (PowerShell): 10, 2012, 2016
Prerequisites
Python 3.7+
Deployment and Usage
From PyPi (simplest)
Install as PyPi package:
- Execute:
pip install ws_sbom_generator- Usage:
usage: sbom_generator.py [-h] -u WS_USER_KEY -k WS_TOKEN [-s SCOPE_TOKEN] [-a WS_URL] [-t {json,tv,rdf,xml,yaml,all}] [-e EXTRA] [-o OUT_DIR] Utility to create SBOM from WhiteSource data optional arguments: -h, --help show this help message and exit -u WS_USER_KEY, --userKey WS_USER_KEY WS User Key -k WS_TOKEN, --token WS_TOKEN WS Organization Key -s SCOPE_TOKEN, --scope SCOPE_TOKEN Scope token of SBOM report to generate -a WS_URL, --wsUrl WS_URL WS URL -t {json,tv,rdf,xml,yaml,all}, --type {json,tv,rdf,xml,yaml,all} Output type -e EXTRA, --extra EXTRA Extra configuration of SBOM -o OUT_DIR, --out OUT_DIR Output directory
Example:sbomgenerator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a saas -s <WS_PROJECT_TOKEN> -t tv -e /<path/to>/sbom_extra.json -o </path/reports>
- Usage:
Docker container
Installation
docker pull whitesourcetools/ws-sbom-generator:latest
Execution
docker run --name ws-sbom-generator \
-v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom-generator/resources \
-v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom-generator/output \
-e WS_USER_KEY=<USER_KEY> \
-e WS_TOKEN=<ORG_WS_TOKEN> \
-e WS_SCOPE=<WS_SCOPE> \
-e WS_URL=<WS_URL> \
-e WS_TYPE=<WS_TYPE> \
whitesourcetools/ws-sbom-generator
GitHub Package
Installation
- Download and unzip the tool.
- Install requirements:
pip install -r sbom_report/requirements.txt - Edit the file sbom_extra.json with the appropriate values to complete the report:
Execution
Same as PyPi package but prefix script with python sbom_report.py...
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
File details
Details for the file ws_sbom_generator-0.3.0.9-py3-none-any.whl.
File metadata
- Download URL: ws_sbom_generator-0.3.0.9-py3-none-any.whl
- Upload date:
- Size: 12.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bcf81073315848ebdfc1a32c96422232e08b4955a1c88f41013bf8fab0acb174 |
|
| MD5 | ac53d05fc12d3707e17b07b34ea49053 |
|
| BLAKE2b-256 | ffb080294699d01559e7f8e1305a0a556c7a2a203163266f32badb64c7547a6f |
