WS SBOM Generator in SPDX format
Project description
WS SBOM Generator in SPDX format
CLI Tool and a Docker image to generate SBOM report in SPDX format.
- The tool can generate reports on the following scopes (defined with: -s/WS_SCOPE):
- Project token - the tool will generate a report for the specific WS project.
- Product token - the tool will generate a report for all the projects within the WS product.
- No Token specified - the tool will generate a report on all the projects within the WS organization.
- The tool utilizes spdx-tools.
- The tool accepts additional values which are unknown to WhiteSource via
sbom_extra.json
. - If URL is not stated (defined with: -a/WS_URL), the tool will access saas.
- If report type is not stated (defined with: -t/WS_REPORT_TYPE) the tool will generate a report in tag-value format.
- Supported file formats: json, tv, rdf, xml and yaml.
Supported Operating Systems
- Linux (Bash): CentOS, Debian, Ubuntu, RedHat
- Windows (PowerShell): 10, 2012, 2016
Prerequisites
Python 3.7+
Deployment and Usage
From PyPi (simplest)
Install as a PyPi package:
-
Execute:
pip install ws_sbom_generator
-
Install WS spdx-tools package that contains pre-release of spdx-tools 7 and additional fixes.
Download and install spdx-tools from here
- Usage:
usage: sbom_generator.py [-h] -u WS_USER_KEY -k WS_TOKEN [-s SCOPE_TOKEN] [-a WS_URL] [-t {json,tv,rdf,xml,yaml,all}] [-e EXTRA] [-o OUT_DIR] Utility to create SBOM from WhiteSource data optional arguments: -h, --help show this help message and exit -u WS_USER_KEY, --userKey WS_USER_KEY WS User Key -k WS_TOKEN, --token WS_TOKEN WS Organization Key -s SCOPE_TOKEN, --scope SCOPE_TOKEN Scope token of SBOM report to generate -a WS_URL, --wsUrl WS_URL WS URL -t {json,tv,rdf,xml,yaml,all}, --type {json,tv,rdf,xml,yaml,all} Output type -e EXTRA, --extra EXTRA Extra configuration of SBOM -o OUT_DIR, --out OUT_DIR Output directory
Example:sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a saas -s <WS_PROJECT_TOKEN> -t tv -e /<path/to>/sbom_extra.json -o </path/reports>
- Usage:
Docker container
Installation
docker pull whitesourcetools/ws-sbom-generator:latest
Execution
docker run --name ws-sbom-generator \
-v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom-generator/resources \
-v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom-generator/output \
-e WS_USER_KEY=<USER_KEY> \
-e WS_TOKEN=<ORG_WS_TOKEN> \
-e WS_SCOPE=<WS_SCOPE> \
-e WS_URL=<WS_URL> \
-e WS_TYPE=<WS_TYPE> \
whitesourcetools/ws-sbom-generator
GitHub Package
Installation
- Download and unzip the tool.
- Install the requirements:
pip install -r sbom_generator/requirements.txt
- Edit the file sbom_extra.json with the appropriate values to complete the report:
Execution
Same as the PyPi package but prefix the script with python sbom_report.py...
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
Close
Hashes for ws_sbom_generator-0.3.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3636562f0602f9f4fe761fe41acdda63584b94589673e4e2dae4a12d9a5460a2 |
|
MD5 | cafde8dc15a24781a266a90672f00e33 |
|
BLAKE2b-256 | 601fff40b82211cee233a0309c9d3701addd247a391c44590a573fdffcf34159 |