WS SBOM Generator in SPDX format
CLI Tool and a Docker image to generate SBOM report in SPDX format.
- The tool can generate reports on the following scopes (defined with: -s/WS_SCOPE):
  - Project token - the tool will generate a report on a specific project.
  - Product token - the tool will generate a report on all the projects within the product.
  - No token specified - the tool will generate a report on all the projects within the organization.
- The tool utilizes spdx-tools.
- The tool accepts additional values which are unknown to WhiteSource via sbom_extra.json.
- If URL is not stated (defined with: -a/WS_URL), the tool will access saas.
- If report type is not stated (defined with: -t/WS_REPORT_TYPE), the tool will generate a report in tag-value format.
- Supported file formats: json, tv, rdf, xml and yaml.
Supported Operating Systems
- Linux (Bash): CentOS, Debian, Ubuntu, RedHat
- Windows (PowerShell): 10, 2012, 2016
Prerequisites
Python 3.7+
Deployment and Usage
From PyPi (simplest)
Install as a PyPi package:
- Execute:
  pip install ws_sbom_generator
- Install WS spdx-tools package that contains pre-release of spdx-tools 7 and additional fixes:
  - Use this command to install the package above:
    pip install --extra-index-url https://github.com/whitesource-ps/ws-sbom-generator/raw/master spdx_tools
  - Download spdx-tools from here, then install it by executing:
    pip install spdx_tools-0.7.0a3_ws-py3-none-any.whl
- Usage:
  usage: ws_sbom_generator.py [-h] -u WS_USER_KEY -k WS_TOKEN [-s SCOPE_TOKEN] [-a WS_URL] [-t {json,tv,rdf,xml,yaml,all}] [-e EXTRA] [-o OUT_DIR]

  Utility to create SBOM from WhiteSource data

  optional arguments:
    -h, --help            show this help message and exit
    -u WS_USER_KEY, --userKey WS_USER_KEY
                          WS User Key
    -k WS_TOKEN, --token WS_TOKEN
                          WS Organization Key
    -s SCOPE_TOKEN, --scope SCOPE_TOKEN
                          Scope token of SBOM report to generate
    -a WS_URL, --wsUrl WS_URL
                          WS URL
    -t {json,tv,rdf,xml,yaml,all}, --type {json,tv,rdf,xml,yaml,all}
                          Output type
    -e EXTRA, --extra EXTRA
                          Extra configuration of SBOM
    -o OUT_DIR, --out OUT_DIR
                          Output directory
Example:
# Create tag value report on a specific project
ws_sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a app-eu -s <WS_PROJECT_TOKEN> -e /<path/to>/sbom_extra.json -o </path/reports>
# Creating JSON report on all projects within the product
ws_sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a https://di.whitesourcesoftware.com -s <WS_PRODUCT_TOKEN> -t json -e /<path/to>/sbom_extra.json -o </path/reports>
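The following is an added example, not code from this project: a check that can be run over a tag-value report to list packages whose fields are absent or still NOASSERTION, which shows what remains unknown in the output. The sample document, the policy tag list and the function names are assumptions; the tag names follow the SPDX 2.x tag-value format.

```python
import re

# Constructed SPDX 2.x tag-value sample (not output captured from the tool).
SAMPLE_TV = """\
SPDXVersion: SPDX-2.2
PackageName: libalpha
PackageVersion: 1.2.0
PackageDownloadLocation: https://example.com/libalpha-1.2.0.tar.gz
PackageChecksum: SHA1: 85ed0817af83a24ad8da68c2b5094de69833983c
PackageLicenseConcluded: MIT
PackageCopyrightText: <text>Copyright (c) Example
All rights reserved</text>
PackageName: libbeta
PackageDownloadLocation: NOASSERTION
PackageLicenseConcluded: NOASSERTION
"""

# Assumed review policy: tags every package must assert (not mandated by the tool).
POLICY_TAGS = ("PackageVersion", "PackageDownloadLocation",
               "PackageChecksum", "PackageLicenseConcluded")

def parse_packages(tv_text):
    """Return one {tag: value} dict per 'PackageName:' section."""
    # Fold multi-line <text>...</text> values so every tag sits on one line.
    flat = re.sub(r"<text>(.*?)</text>",
                  lambda m: m.group(1).replace("\n", " "), tv_text, flags=re.S)
    packages, current = [], None
    for line in flat.splitlines():
        tag, sep, value = line.partition(":")
        if not sep or line.startswith("#"):  # skip blanks and comments
            continue
        if tag.strip() == "PackageName":
            current = {}
            packages.append(current)
        if current is not None:
            current.setdefault(tag.strip(), value.strip())
    return packages

def find_gaps(tv_text):
    """Map package name -> policy tags that are missing or NOASSERTION."""
    gaps = {}
    for pkg in parse_packages(tv_text):
        missing = [t for t in POLICY_TAGS if pkg.get(t) in (None, "", "NOASSERTION")]
        if missing:
            gaps[pkg["PackageName"]] = missing
    return gaps

if __name__ == "__main__":
    print(find_gaps(SAMPLE_TV))
```

To use it on a real report, pass the contents of the generated tag-value file to find_gaps() and fail the pipeline when the result is non-empty.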
Docker container
Installation
docker pull whitesourcetools/ws-sbom-generator:latest
Execution
docker run --name ws-sbom-generator \
-v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom-generator/resources \
-v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom-generator/output \
-e WS_USER_KEY=<USER_KEY> \
-e WS_TOKEN=<ORG_WS_TOKEN> \
-e WS_SCOPE=<WS_SCOPE> \
-e WS_URL=<WS_URL> \
-e WS_TYPE=<WS_TYPE> \
whitesourcetools/ws-sbom-generator
GitHub Package
Installation
- Download and unzip the tool.
- Install the requirements:
pip install -r sbom_generator/requirements.txt
- Edit the file sbom_extra.json with the appropriate values to complete the report:
Execution
Same as the PyPi package but prefix the script with python sbom_report.py...
Download files
Source Distributions
No source distribution files available for this release.
Built Distribution
Hashes for ws_sbom_generator-0.3.2-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 6b9eaec2f23e50de435274239495b3ee9092a1737867d98ff53b5669becbfec2
MD5 | 4b2d914c8a4ad547ee4985f906fee535
BLAKE2b-256 | 949394e9328b4d995d7f95c3b74c1d495f0019ec45d4c4bd7564cb6b8aab5533