This tool generates Software Bill of Materials (SBOM) documents in the OWASP CycloneDX format. It is probably the most accurate and complete SBOM generator for Python-related projects.
Supported data sources are:
- Python (virtual) environment
- Poetry manifest and lockfile
- Pipenv manifest and lockfile
- Pip's requirements file format
- PDM manifest and lockfile support is not implemented, yet. However, PDM's Python virtual environments are fully supported. See the :doc:`docs </usage>` for an example.
- uv manifest and lockfile are not explicitly supported. However, uv's Python virtual environments are fully supported. See the :doc:`docs </usage>` for an example.
- Conda as a package manager is no longer supported since version 4. However, conda's Python environments are fully supported via the methods listed above. See the :doc:`docs </usage>` for an example.
Measured against the criteria of the OWASP Software Component Verification Standard (SCVS) for Software Bill of Materials, this tool can produce SBOM documents that almost pass Level-2 (only signing has to be done externally).
The resulting SBOM documents follow the official specifications and standards, and may carry properties that follow the CycloneDX property taxonomies ``cdx:python``, ``cdx:pipenv`` and ``cdx:poetry``.
.. toctree::
   :maxdepth: 2
   :caption: Contents:

   install
   usage
   contributing
   support
   Changelog <changelog>
   upgrading