Apt2sbom python package generates SPDX or YAML files

Overview

Welcome to apt2sbom

This package contains a library and a CLI tool to convert a Ubuntu software package inventory to a software bill of materials. You are in the wrong place if you are not running Ubuntu.

The package is under active development. Don't be surprised if something doesn't work quite right. please see CONTRIBUTING.md for details.

Building

Building is easy:

  1. Bop the version on setup.cfg
  2. python3 -m build -w
  3. cd dist
  4. pip3 install that file

Do this, of course, on a Ubuntu system.

Usage

To use the CLI tool:

% apt2sbom (--json|--yaml|--cyclonedx [--pip])

Will produce either JSON or YAML forms of an SPDX file, or the JSON form of a CycloneDX file . There is no default. Pick one.

To include python packages, add --pip.

There is also a werkzeug interface so that an SBOM file can be delivered via HTTP. To use, create a simple wsgi file as follows:

from apt2sbom.wsbom import app as application  
application = create_app(\_name\_)

and call that file from your httpd. An apache example follows:

WSGIScriptAlias /.well-known/sbom /usr/lib/cgi-bin/sbom.wsgi
WSGIPassAuthorization On

When this is done, a very simple password file is expected in /etc/sbom.users:

{
   "user" : "password",
   "otheruser" : "otherpassword",
    ...
}

The passwords aren't hashed. This is clearly something that has to be addressed in the future.

The type of SBOM returned depends on the Accepts: header sent.

You might also like...
Config files for my GitHub profile.

Config files for my GitHub profile.

Configuration Extractor for EXE4J PE files
Configuration Extractor for EXE4J PE files

EXE4J Configuration Extractor This script helps reverse engineering Portable Executable files created with EXE4J by extracting their configuration dat

A tool to manage configuration files, build scripts etc. across multiple projects.

A tool to manage configuration files, build scripts etc. across multiple projects.

filetailor is a peer-based configuration management utility for plain-text files such as dotfiles.
filetailor is a peer-based configuration management utility for plain-text files such as dotfiles.

filetailor filetailor is a peer-based configuration management utility for plain-text files (and directories) such as dotfiles. Files are backed up to

Config files for my GitHub profile.

Hacked This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

An application pulls configuration information from JSON files generated
An application pulls configuration information from JSON files generated

AP Provisioning Automation An application pulls configuration information from JSON files generated by Ekahau and then uses Netmiko to configure the l

KConfig Browser is a graphical application which allows you to modify KDE configuration files found in ~/.config
KConfig Browser is a graphical application which allows you to modify KDE configuration files found in ~/.config

kconfig_browser KConfig Browser is a graphical application which allows you to modify KDE configuration files found in ~/.config Screenshot Why I crea

Python 3+ compatible port of the configobj library

configobj Python 3+ compatible port of the configobj library. Documentation You can find a full manual on how to use ConfigObj at readthedocs. If you

Configuration Management for Python ⚙

dynaconf - Configuration Management for Python. Features Inspired by the 12-factor application guide Settings management (default values, validation,

Comments
  • A possible alternative library for apt

    A possible alternative library for apt

    This is tool looking very nice... FWIW I maintain this library https://github.com/nexB/debian-inspector that has a different approach as it can deal with installed debian package in a static way e.g., even if you are not on Debian or when you are trying to get the installed packages from a tarball, or a container image. You may find it useful or entertaining!

    See it used here https://github.com/nexB/scancode-toolkit/blob/1dfd73a28fed3bdd3bb6554eeda35f52fb3d86f9/src/packagedcode/debian.py#L160

    opened by pombredanne 2
Owner
Eliot Lear
IoT scaredy cat. Jack of all CS trades, and master of none.
Eliot Lear
Python YAML Environment (ymlenv) by Problem Fighter Library

In the name of God, the Most Gracious, the Most Merciful. PF-PY-YMLEnv Documentation Install and update using pip: pip install -U PF-PY-YMLEnv Please

Problem Fighter 2 Jan 20, 2022
Pydantic-ish YAML configuration management.

Pydantic-ish YAML configuration management.

Dribia Data Research 18 Oct 27, 2022
A YAML validator for Programming Historian lessons.

phyaml A simple YAML validator for Programming Historian lessons. USAGE: python3 ph-lesson-yaml-validator.py lesson.md The script automatically detect

Riva Quiroga 1 Nov 7, 2021
Dag-bakery - Dag Bakery enables the capability to define Airflow DAGs via YAML.

DAG Bakery - WIP ?? dag-bakery aims to simplify our DAG development by removing all the boilerplate and duplicated code when defining multiple DAG cro

Typeform 2 Jan 8, 2022
Yamale (ya·ma·lē) - A schema and validator for YAML.

Yamale (ya·ma·lē) ⚠️ Ensure that your schema definitions come from internal or trusted sources. Yamale does not protect against intentionally maliciou

23andMe 534 Dec 21, 2022
Organize Django settings into multiple files and directories. Easily override and modify settings. Use wildcards and optional settings files.

Organize Django settings into multiple files and directories. Easily override and modify settings. Use wildcards in settings file paths and mark setti

Nikita Sobolev 942 Jan 5, 2023
Python Marlin Configurator to make valid configuration files to be used to compile Marlin with.

marlin-configurator Concept originally imagined by The-EG using PowerShell Build Script for Marlin Configurations The purpose of this project is to pa

DevPeeps 2 Oct 9, 2021
Read configuration settings from python configuration files.

Maison Read configuration settings from python configuration files. Motivation When developing a python application, e.g a command-line tool, it can b

null 9 Jan 4, 2023
A Python library to parse PARI/GP configuration and header files

pari-utils A Python library to parse PARI/GP configuration and header files. This is mainly used in the code generation of https://github.com/sagemath

Sage Mathematical Software System 3 Sep 18, 2022
Generate config files and qr codes for wireguard vpn

wireguard config generator for python Generate config files and qr codes for wireguard vpn You will need to install qrcode and pillow in python and yo

null 18 Dec 2, 2022