GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → CycloneDX → cyclonedx-python

CycloneDX / cyclonedx-python

Licence: Apache-2.0 license
Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

Programming Languages

python
139335 projects - #7 most used programming language
Dockerfile
14818 projects

Labels

owasppipbomvexspdxbill-of-materialssoftware-bill-of-materialspurlpackage-urlsbomcyclonedxsbom-generatorobommbomsaasbom

Projects that are alternatives of or similar to cyclonedx-python

cyclonedx-php-composer
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
Stars: ✭ 20 (-74.36%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
cyclonedx-dotnet
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
Stars: ✭ 110 (+41.03%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Stars: ✭ 154 (+97.44%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
Stars: ✭ 103 (+32.05%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
specification
Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis
Stars: ✭ 129 (+65.38%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, sbom, cyclonedx, obom, mbom, saasbom
cyclonedx-gomod
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
Stars: ✭ 27 (-65.38%)
Mutual labels:  owasp, bom, vex, bill-of-materials, software-bill-of-materials, sbom, sbom-generator, obom, mbom, saasbom
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!
Stars: ✭ 66 (-15.38%)
Mutual labels:  spdx, purl, package-url, cyclonedx
cyclonedx-node-module
creates CycloneDX Software Bill of Materials (SBOM) from node-based projects
Stars: ✭ 104 (+33.33%)
Mutual labels:  bom, software-bill-of-materials, sbom, cyclonedx
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+343.59%)
Mutual labels:  vex, sbom, cyclonedx
SBOM
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
Stars: ✭ 38 (-51.28%)
Mutual labels:  bill-of-materials, sbom, sbom-generator
awesome-sbom
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
Stars: ✭ 164 (+110.26%)
Mutual labels:  software-bill-of-materials, sbom, sbom-generator
cdxgen
Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.
Stars: ✭ 75 (-3.85%)
Mutual labels:  bom, sbom, cyclonedx
OpossumUI
A light-weight app to audit and inventory large codebases for open source license compliance.
Stars: ✭ 32 (-58.97%)
Mutual labels:  spdx, software-bill-of-materials
KiCost
Build cost spreadsheet for a KiCad project.
Stars: ✭ 376 (+382.05%)
Mutual labels:  bom, bill-of-materials
packageurl-python
Python implementation of the package url spec
Stars: ✭ 26 (-66.67%)
Mutual labels:  purl, package-url
cas
Codenotary Community Attestation Service (CAS) for notarization and authentication of digital artifacts
Stars: ✭ 137 (+75.64%)
Mutual labels:  bom, sbom-generator
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+1516.67%)
Mutual labels:  sbom, sbom-generator
packageurl-swift
Swift implementation of the package url spec
Stars: ✭ 21 (-73.08%)
Mutual labels:  purl, package-url
meta-package-manager
🎁 a wrapper around all package managers
Stars: ✭ 277 (+255.13%)
Mutual labels:  pip, sbom
tox-pip-extensions
Augment tox with different installation methods via progressive enhancement.
Stars: ✭ 38 (-51.28%)
Mutual labels:  pip
View All Similar Projects ➔

CycloneDX Python SBOM Generation Tool

shield_gh-workflow-test shield_rtfd shield_pypi-version shield_docker-version shield_license
shield_website shield_slack shield_groups shield_twitter-follow

This project provides a runnable Python-based application for generating CycloneDX bill-of-material documents from either:

  • Your current Python Environment
  • Your project's manifest (e.g. Pipfile.lock, poetry.lock or requirements.txt)
  • Conda as a Package Manager

The BOM will contain an aggregate of all your current project's dependencies, or those defined by the manifest you supply.

CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple to parse.

Read the full documentation for more details.

Installation

Install this from PyPi.org using your preferred Python package manager.

Example using pip:

pip install cyclonedx-bom

Example using poetry:

poetry add cyclonedx-bom

Usage

Basic usage

$ cyclonedx-bom --help
usage: cyclonedx-bom [-h] (-c | -cj | -e | -p | -pip | -r) [-i FILE_PATH]
                 [--format {json,xml}] [--schema-version {1.4,1.3,1.2,1.1,1.0}]
                 [-o FILE_PATH] [-F] [-X]

CycloneDX SBOM Generator

optional arguments:
  -h, --help            show this help message and exit
  -c, --conda           Build a SBOM based on the output from `conda list
                        --explicit` or `conda list --explicit --md5`
  -cj, --conda-json     Build a SBOM based on the output from `conda list
                        --json`
  -e, --e, --environment
                        Build a SBOM based on the packages installed in your
                        current Python environment (default)
  -p, --p, --poetry     Build a SBOM based on a Poetry poetry.lock's contents.
                        Use with -i to specify absolute pathto a `poetry.lock`
                        you wish to use, else we'll look for one in the
                        current working directory.
  -pip, --pip           Build a SBOM based on a PipEnv Pipfile.lock's
                        contents. Use with -i to specify absolute pathto a
                        `Pipefile.lock` you wish to use, else we'll look for
                        one in the current working directory.
  -r, --r, --requirements
                        Build a SBOM based on a requirements.txt's contents.
                        Use with -i to specify absolute pathto a
                        `requirements.txt` you wish to use, else we'll look
                        for one in the current working directory.
  -X                    Enable debug output

Input Method:
  Flags to determine how `cyclonedx-bom` obtains it's input

  -i FILE_PATH, --in-file FILE_PATH
                        File to read input from. Use "-" to read from STDIN.

SBOM Output Configuration:
  Choose the output format and schema version

  --format {json,xml}   The output format for your SBOM (default: xml)
  --schema-version {1.4,1.3,1.2,1.1,1.0}
                        The CycloneDX schema version for your SBOM (default:
                        1.4)
  -o FILE_PATH, --o FILE_PATH, --output FILE_PATH
                        Output file path for your SBOM (set to '-' to output
                        to STDOUT)
  -F, --force           If outputting to a file and the stated file already
                        exists, it will be overwritten.

Advanced usage and details

See the full documentation for advanced usage and details on input formats, switches and options.

Python Support

We endeavour to support all functionality for all current actively supported Python versions. However, some features may not be possible/present in older Python versions due to their lack of support.

Contributing

Feel free to open issues, bugreports or pull requests.
See the CONTRIBUTING file for details.

Copyright & License

CycloneDX BOM is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].