thozza / sbom4rpm

Fork of https://github.com/engelmi/sbom4rpm

Home Page: https://pypi.org/project/sbom4rpms/

SBOM for RPM

SBOM4RPM uses existing rpm and dnf features to resolve all dependencies of one or multiple RPM packages and generates an SBOM for each .rpm.

Usage

Start a container for building the custom RPM project and mount its directory into it. For example:

podman run -it -v <path-to-project>:/var/<your-project> <build-container> /bin/bash

Proceed by building the custom RPM project and creating a repomd (XML-based RPM metadata) repository for your output directory:

# assuming all rpms have been put into '/tmp/custom-artifacts'
createrepo_c /tmp/custom-artifacts

Then install and run SBOM4RPMs:

pip install sbom4rpms
sbom4rpms --rpm-dir=/tmp/custom-artifacts/ --collect-dependencies --sbom-format=spdx --sbom-dir=sboms
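Once the SBOMs have been written, the next thing a practitioner usually wants is to consume them: list what each .rpm depends on and check that the document is complete enough to be useful for vulnerability matching. The script below is an added example, not code from sbom4rpms or its author. It assumes the SBOMs are SPDX 2.x JSON documents named `*.spdx.json` in the `--sbom-dir` directory (the page does not state the exact serialisation or file naming, so treat both as assumptions), and the completeness checks (missing `versionInfo`, relationships pointing at unknown elements) are ones I chose, not checks the tool performs.

```python
"""Summarise a directory of SPDX JSON SBOMs, one per .rpm, as produced by a run such as
`sbom4rpms --rpm-dir=... --sbom-format=spdx --sbom-dir=sboms`.

Assumptions (not stated on the project page): SPDX 2.x JSON serialisation and
a `*.spdx.json` file name per package.
"""
import json
from pathlib import Path

# Constructed sample standing in for one generated SBOM (not real tool output).
SAMPLE_SPDX = {
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-pkg-1.0-1.x86_64.rpm",
    "packages": [
        {"SPDXID": "SPDXRef-example", "name": "example-pkg", "versionInfo": "1.0-1"},
        {"SPDXID": "SPDXRef-glibc", "name": "glibc", "versionInfo": "2.39-1"},
        {"SPDXID": "SPDXRef-libfoo", "name": "libfoo"},  # deliberately missing versionInfo
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-example",
         "relationshipType": "DESCRIBES"},
        {"spdxElementId": "SPDXRef-example", "relatedSpdxElement": "SPDXRef-glibc",
         "relationshipType": "DEPENDS_ON"},
        {"spdxElementId": "SPDXRef-example", "relatedSpdxElement": "SPDXRef-libfoo",
         "relationshipType": "DEPENDS_ON"},
    ],
}


def dependency_graph(doc):
    """Return {package name: sorted dependency names} built from DEPENDS_ON relationships."""
    names = {p["SPDXID"]: p["name"] for p in doc.get("packages", [])}
    graph = {name: [] for name in names.values()}
    for rel in doc.get("relationships", []):
        if rel.get("relationshipType") != "DEPENDS_ON":
            continue
        src = names.get(rel.get("spdxElementId"))
        dst = names.get(rel.get("relatedSpdxElement"))
        if src is None or dst is None:
            continue  # dangling reference; reported by completeness_gaps() instead
        graph[src].append(dst)
    return {k: sorted(v) for k, v in graph.items()}


def completeness_gaps(doc):
    """Return human-readable gaps: packages without a version (cannot be matched against
    advisories) and relationships that reference an SPDXID not declared in the document."""
    ids = {p["SPDXID"] for p in doc.get("packages", [])}
    gaps = []
    for p in doc.get("packages", []):
        if not p.get("versionInfo"):
            gaps.append(f"package {p['name']} has no versionInfo")
    for rel in doc.get("relationships", []):
        for key in ("spdxElementId", "relatedSpdxElement"):
            ref = rel.get(key)
            if ref != "SPDXRef-DOCUMENT" and ref not in ids:
                gaps.append(f"relationship references unknown element {ref}")
    return gaps


def summarise_dir(sbom_dir):
    """Load every *.spdx.json under sbom_dir; return {file name: (graph, gaps)}."""
    results = {}
    for path in sorted(Path(sbom_dir).glob("*.spdx.json")):
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
        results[path.name] = (dependency_graph(doc), completeness_gaps(doc))
    return results


if __name__ == "__main__":
    # Stand-alone demo on the constructed sample; point summarise_dir() at a real
    # --sbom-dir to process generated files.
    for pkg, deps in dependency_graph(SAMPLE_SPDX).items():
        print(f"{pkg} -> {', '.join(deps) or '(no dependencies)'}")
    for gap in completeness_gaps(SAMPLE_SPDX):
        print("GAP:", gap)
```

On the sample, `example-pkg` resolves to `glibc` and `libfoo`, and `libfoo` is flagged because it carries no version; a package without a version can be listed but not matched against an advisory, which is the usual reason to reject an SBOM before it enters a vulnerability-management pipeline.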

Example: BlueChi

The example directory provides collected data and generated SBOMs for BlueChi.

License: Other

Languages

Language: Python 100.0%