Skip to main content

WS SBOM Generator in SPDX format

Project description

Logo
License CI Python 3.8 GitHub release

WS SBOM Generator in SPDX format

CLI Tool and a Docker image to generate SBOM report in SPDX format.

  • The tool can generate reports on the following scopes (defined with: -s/WS_SCOPE_TOKEN):
    • Specific Project token - the tool will generate a report on a specific project (user key and token of organization admin or of Product Admin).
    • No Token specified - the tool will generate a report on all the projects within the organization (user key and token of organization admin).
  • To run the tool with product-level permissions pass -y product along with the product token (-k) and user key with permission on this product (-u).
  • The tool utilizes a forked package of spdx-tools.
  • The tool accepts additional values which are unknown to WhiteSource (-e sbom_extra.json).
  • If URL is not stated (defined with: -a/WS_URL), the tool will access saas.
  • If report type is not stated (defined with: -t/WS_REPORT_TYPE) the tool will generate a report in tag-value format.
    • Supported file formats: json, tv, rdf, xml and yaml.

Permissions to run the tool

The user key used (-u) must be a member of one of the following groups:

  • Organization Administrator - For dynamically obtaining the organization name and generating reports on all projects (in all products).
  • Product Administrator (-y must be passed ) - For running on a specific project or all projects within the product.

Prerequisites

Python 3.8+

Installation and Execution by pulling package from PyPi:

  1. Execute pip install pip install ws-sbom-generator
    • Note: If installing packages as a non-root be sure to include the path to the executables within the Operating System paths.
  2. Run report: ws_sbom_generator -u <WS_USER_KEY> -k <WS_TOKEN> -a <WS_URL> -t <WS_REPORT_TYPE> {json,tv,rdf,xml,yaml,all} -e <EXTRA> -o <OUT_DIR>
    • Note: If installing packages as a non-root be sure to include the path to the executables within the Operating System paths.

Optional arguments:

  -h, --help            show this help message and exit
  -u WS_USER_KEY, --userKey
                  WS User Key
  -k WS_TOKEN, --token 
                  WS Org Token (API Key) or WS Product Token
  -s WS_SCOPE_TOKEN, --scope 
                  Scope token of SBOM report to generate
  -y WS_TOKEN_TYPE, --tokenType {product, organization}
                  Optional WS Token type to be stated in case WS Org Token
                  does not have organization level permissions
  -a WS_URL, --wsUrl {saas, app, app-eu, saas-eu, your_url}
                  WS URL 
  -t WS_REPORT_TYPE, --type {json,tv,rdf,xml,yaml,all}
                  Report type
  -e EXTRA, --extra 
                  Extra configuration of SBOM
  -o OUT_DIR, --out 
                  Output directory

Examples:

# Create tag value report on a specific project 
ws_sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a app-eu -s <WS_PROJECT_TOKEN> -e /<path/to>/sbom_extra.json -o </path/reports>

# Create tag value report on all projects of product 
ws_sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a app-eu -s <WS_PRODUCT_TOKEN> -e /<path/to>/sbom_extra.json -o </path/reports>

# Creating JSON report on all projects of organization
ws_sbom_generator -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -a https://di.whitesourcesoftware.com -t json -o </path/reports>

# Creating XML report on a project with a user which only has product permissions (SAAS organization)   
ws_sbom_generator -u <WS_USER_KEY> -y product -k <WS_PRODUCT_TOKEN> -s <WS_PROJECT_TOKEN> -t xml -e /<path/to>/sbom_extra.json -o </path/reports>

Docker container

Installation:

docker pull whitesourcetools/ws-sbom-generator:latest 

Execution:

docker run --name ws-sbom-generator \ 
  -v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom-generator/resources \ 
  -v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom-generator/output \
  -e WS_USER_KEY=<USER_KEY> \ 
  -e WS_TOKEN=<WS_ORG_TOKEN> \
  -e WS_URL=<WS_URL> \
  -e WS_REPORT_TYPE=<REPORT_TYPE> \
  whitesourcetools/ws-sbom-generator 

Examples (Docker):

# Run tool as Org Administrator on all projects, default extra args and output in JSON format.
docker run --name ws-sbom-generator \  
  -v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom_generator/resources \ 
  -v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom_generator/output \
  -e WS_USER_KEY=<USER_KEY> \ 
  -e WS_TOKEN=<WS_ORG_TOKEN> \
  -e WS_URL=saas \
  -e WS_REPORT_TYPE=json
  whitesourcetools/ws-sbom-generator
  
# Run tool as Org Administrator on specific project, default extra args and output in tv format.
docker run --name ws-sbom-generator \  
  -v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom_generator/resources \
  -v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom_generator/output \
  -e WS_USER_KEY=<USER_KEY> \ 
  -e WS_TOKEN=<WS_ORG_TOKEN> \
  -e WS_SCOPE_TOKEN=<WS_PROJECT_TOKEN> \
  -e WS_URL=https://di.whitesourcesoftware.com \
  whitesourcetools/ws-sbom-generator

# Run tool as Product Administrator on specific project, default extra args and output in rdf format.
docker run --name ws-sbom-generator \  
  -v /<EXTRA_CONF_DIR>:/opt/ws-sbom-generator/sbom_generator/resources \
  -v /<REPORT_OUTPUT_DIR>:/opt/ws-sbom-generator/sbom_generator/output \
  -e WS_USER_KEY=<USER_KEY> \ 
  -e WS_TOKEN=<WS_PROD_TOKEN> \
  -e WS_SCOPE_TOKEN=<WS_PROJECT_TOKEN> \
  -e WS_URL=app-eu \
  -e WS_TOKEN_TYPE=product
  whitesourcetools/ws-sbom-generator

Sample extra configuration (--extra/-e switch)

{
  "namespace": "http://CreatorWebsite/pathToSpdx/DocumentName-UUID",
  "org_email": "org@email.address",
  "person": "person name",
  "person_email": "person@email.address"
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

ws_sbom_generator-0.6.1-py3-none-any.whl (13.8 kB view details)

Uploaded Python 3

File details

Details for the file ws_sbom_generator-0.6.1-py3-none-any.whl.

File metadata

File hashes

Hashes for ws_sbom_generator-0.6.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e88ceda2d6dcc262d1ffd899250b8c0b40d8ba1bb919d9e4cd12f03df813f9c6
MD5 8ce022898576d4af512bf181f647cc52
BLAKE2b-256 9170ce2e4ef0a0dc50ce8bed85f2940081a611446f8ed9e5d74d20f988d79e65

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page