sbom4rpms

Release 0.0.2

Homepage Repository PyPI Python

Keywords
SBOM, RPM, Generation
License
Other
Install
pip install sbom4rpms==0.0.2

Documentation

SBOM for RPM

SBOM4RPM uses existing rpm and dnf features to resolve all dependencies of one or multiple RPM packages and generates an SBOM for each .rpm.

Usage

Start a container for building the custom RPM project and mount its directory into it. For example:

podman run -it -v <path-to-project>:/var/<your-project> <build-container> /bin/bash

Proceed by building the custom RPM project and create a repomd (xml-based rpm metadata) repository for your output directory:

# assuming all rpms have been put into '/tmp/custom-artifacts'
createrepo_c /tmp/custom-artifacts

Then install and run SBOM4RPMs:

pip install sbom4rpms
sbom4rpms --rpm-dir=/tmp/custom-artifacts/ --collect-dependencies --sbom-format=spdx --sbom-dir=sboms

Example: BlueChi

The example directory provides collected data and generated SBOMs for BlueChi.

Stats

Dependencies
1
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
0
Forks
0
Watchers
1
Contributors
1
Repository size
189 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.2
0.0.1

Contributors

Michael Engel


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2024-04-22 15:54:07 UTC

Login to resync this project