WS SBOM Generator in SPDX format
Project description
WS SBOM Generator in SPDX format
CLI Tool and a Docker image to generate SBOM report in SPDX format.
- The tool can generate reports on the following scopes (defined with: -s/WS_SCOPE):
- Project token - the tool will generate report on a specific project.
- Product token - teh tool will generate report on all the projects within the product.
- No Token specified - the tool will generate report on all the projects within the organization.
- The tool utilizes a forked package of spdx-tools.
- The tool accepts additional values which are unknown to WhiteSource via
sbom_extra.json
. - If URL is not stated (defined with: -a/WS_URL), the tool will access saas.
- If report type is not stated (defined with: -t/WS_REPORT_TYPE) the tool will generate a report in tag-value format.
- Supported file formats: json, tv, rdf, xml and yaml.
Supported Operating Systems
- Linux (Bash): CentOS, Debian, Ubuntu, RedHat
- Windows (PowerShell): 10, 2012, 2016
Prerequisites
Python 3.7+
Deployment and Usage
From PyPi (simplest)
Install as a PyPi package:
Execute: pip install ws-sbom-generator
Usage:
```shell
usage: ws_sbom_generator.py [-h] -u WS_USER_KEY -k WS_TOKEN [-s SCOPE_TOKEN] [-a WS_URL] [-t {json,tv,rdf,xml,yaml,all}] [-e EXTRA] [-o OUT_DIR]
Utility to create SBOM from WhiteSource data
optional arguments:
-h, --help show this help message and exit
-u WS_USER_KEY, --userKey WS_USER_KEY
WS User Key
-k WS_TOKEN, --token WS_TOKEN
WS Organization Key
-s SCOPE_TOKEN, --scope SCOPE_TOKEN
Scope token of SBOM report to generate
-a WS_URL, --wsUrl WS_URL
WS URL
-t {json,tv,rdf,xml,yaml,all}, --type {json,tv,rdf,xml,yaml,all}
Output type
-e EXTRA, --extra EXTRA
Extra configuration of SBOM
-o OUT_DIR, --out OUT_DIR
Output directory
```
Examples:
# Create tag value report on a specific project
ws_sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a app-eu -s <WS_PROJECT_TOKEN> -e /<path/to>/sbom_extra.json -o </path/reports>
# Creating JSON report on all projects within the product
ws_sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a https://di.whitesourcesoftware.com -s <WS_PRODUCT_TOKEN> -t json -e /<path/to>/sbom_extra.json -o </path/reports>
Docker container
Installation:
docker pull whitesourcetools/ws-sbom-generator:latest
Execution:
docker run --name ws-sbom-generator \
-v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom-generator/resources \
-v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom-generator/output \
-e WS_USER_KEY=<USER_KEY> \
-e WS_TOKEN=<ORG_WS_TOKEN> \
-e WS_SCOPE=<WS_SCOPE> \
-e WS_URL=<WS_URL> \
-e WS_TYPE=<WS_TYPE> \
whitesourcetools/ws-sbom-generator
GitHub Package
Installation
- Download and unzip the tool.
- Install the requirements:
pip install -r sbom_generator/requirements.txt
- Edit the file sbom_extra.json with the appropriate values to complete the report:
Execution
Same as the PyPi package but prefix the script with python sbom_report.py...
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
File details
Details for the file ws_sbom_generator-0.3.7a2-py3-none-any.whl
.
File metadata
- Download URL: ws_sbom_generator-0.3.7a2-py3-none-any.whl
- Upload date:
- Size: 13.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.9
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ed503b13f78e2f48f2c560df96ee2d3ff5eb9fcd1136011e278d13f54d4598e5 |
|
MD5 | fac640924f2fad2c7240b30342a6c46a |
|
BLAKE2b-256 | 20cca91bb99c2abe604e139b581ad606b0fa8e8b718d2300f03af65593762200 |