CycloneDX SBOM Generation Tool for Python

This tool generates Software Bill of Materials (SBOM) documents in OWASP CycloneDX format. It is probably the most accurate and complete SBOM generator for any Python-related project.

Supported data sources are:

  • Python (virtual) environment
  • Poetry manifest and lockfile
  • Pipenv manifest and lockfile
  • Pip's requirements file format
  • PDM manifest and lockfile support is not implemented, yet. However, PDM's Python virtual environments are fully supported. See the :doc:`docs </usage>` for an example.
  • uv manifest and lockfile are not explicitly supported. However, uv's Python virtual environments are fully supported. See the :doc:`docs </usage>` for an example.
  • Conda as a package manager is no longer supported since version 4. However, conda's Python environments are fully supported via the methods listed above. See the :doc:`docs </usage>` for an example.

Measured against the criteria of the OWASP Software Component Verification Standard for Software Bill of Materials, this tool is capable of producing SBOM documents that almost pass Level-2 (only signing needs to be done externally).

The resulting SBOM documents follow the official specifications and standards, and may carry properties from the CycloneDX property namespace taxonomies cdx:python, cdx:pipenv and cdx:poetry.
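As an added example (not part of the project's documentation or code), here is a small consumer-side check a practitioner might run over a CycloneDX JSON SBOM produced by this tool: it confirms each component carries a purl, which downstream vulnerability matching depends on, and groups any properties from the cdx:python, cdx:pipenv and cdx:poetry namespaces named above. The embedded SBOM and its property names are constructed for illustration, not copied from real tool output.

```python
import json
from typing import Dict, List

# Property namespaces named in the text above; anything else is ignored here.
PYTHON_NAMESPACES = ("cdx:python:", "cdx:pipenv:", "cdx:poetry:")

# Constructed minimal CycloneDX 1.5 JSON SBOM (illustrative, not real tool output).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [
        {
            "type": "library",
            "bom-ref": "pkg:pypi/requests@2.31.0",
            "name": "requests",
            "version": "2.31.0",
            "purl": "pkg:pypi/requests@2.31.0",
            "properties": [
                # property name constructed for this example
                {"name": "cdx:python:package:required", "value": "true"},
            ],
        },
        {
            # deliberately lacks a purl so the check below has something to report
            "type": "library",
            "bom-ref": "local-helper",
            "name": "local-helper",
            "version": "0.1",
        },
    ],
})


def load_sbom(text: str) -> dict:
    """Parse a CycloneDX JSON document, rejecting anything that is not one."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom


def components_without_purl(bom: dict) -> List[str]:
    """bom-refs of components with no purl; these cannot be matched to advisories."""
    return [c["bom-ref"] for c in bom.get("components", []) if not c.get("purl")]


def python_properties(bom: dict) -> Dict[str, Dict[str, str]]:
    """Map bom-ref -> {property name: value} for the Python-related namespaces."""
    out: Dict[str, Dict[str, str]] = {}
    for c in bom.get("components", []):
        props = {p["name"]: p["value"] for p in c.get("properties", [])
                 if p["name"].startswith(PYTHON_NAMESPACES)}
        if props:
            out[c["bom-ref"]] = props
    return out
```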

.. toctree::
   :maxdepth: 2
   :caption: Contents:

   install
   usage
   contributing
   support
   Changelog <changelog>
   upgrading