# Diffused Library
The core Python library providing vulnerability scanning and diffing functionality for container images and SBOMs (Software Bill of Materials). This library enables programmatic access to vulnerability analysis capabilities.
## Features
- 🔍 **Vulnerability Scanning**: Automated scanning of SBOMs using [Trivy](https://trivy.dev/) or scanning of container images using [RHACS](https://www.redhat.com/pt-br/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes)
- 📊 **SBOM Diffing**: Direct comparison of SPDX-JSON formatted SBOMs (Trivy only)
- 📄 **Flexible Output**: Programmatic access to vulnerability data
- 🐍 **Python API**: Clean, intuitive Python interface
## Installation
### Prerequisites
1. **Install the scanner**:
   1. **Trivy**: Follow the [official Trivy installation guide](https://aquasecurity.github.io/trivy/latest/getting-started/installation/)
   2. **RHACS**: Follow the [official roxctl installation guide](https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html/roxctl_cli/index)
2. **Python Environment**: Ensure Python 3.9+ is installed
### From Source
```bash
cd diffused
pip install -e .
```
### From PyPI
```bash
pip install diffused-lib
```
## Usage
### Basic Library Usage
#### Comparing Container Images
```python
from diffused.differ import VulnerabilityDiffer

# Create a differ instance for container images
vuln_differ = VulnerabilityDiffer(
    previous_image="ubuntu:20.04",
    next_image="ubuntu:22.04",
    scan_type="image",  # Automatically scans images
)

# Retrieve the vulnerabilities diff (list of fixed CVEs)
fixed_vulnerabilities = vuln_differ.vulnerabilities_diff
print(f"Fixed vulnerabilities: {fixed_vulnerabilities}")

# Get detailed information about each fixed vulnerability
detailed_info = vuln_differ.vulnerabilities_diff_all_info
```
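To show what a scan diff computes, the following added example (not diffused's own code or output format) derives fixed vulnerabilities from two scan reports and goes one step further by also listing introduced and remaining ones. It assumes Trivy's JSON report layout (`Results`, `Vulnerabilities`, `VulnerabilityID`, `PkgName`, `InstalledVersion`); the reports and CVE IDs are constructed placeholders.

```python
import json

# Constructed Trivy-style JSON reports; the CVE IDs are placeholders, not real CVEs.
PREVIOUS_REPORT = json.loads("""{"Results": [
  {"Target": "previous-image", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "InstalledVersion": "1.1.1f"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib1g", "InstalledVersion": "1.2.11"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "bash", "InstalledVersion": "5.0"}]},
  {"Target": "app/requirements.txt"}]}""")
NEXT_REPORT = json.loads("""{"Results": [
  {"Target": "next-image", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "bash", "InstalledVersion": "5.1"},
    {"VulnerabilityID": "CVE-0000-0004", "PkgName": "curl", "InstalledVersion": "7.81.0"}]},
  {"Target": "app/requirements.txt", "Vulnerabilities": null}]}""")


def index_report(report):
    """Map each vulnerability ID to the set of (package, version) pairs it affects."""
    found = {}
    for result in report.get("Results") or []:
        # A target with no findings may omit "Vulnerabilities" or set it to null.
        for vuln in result.get("Vulnerabilities") or []:
            found.setdefault(vuln["VulnerabilityID"], set()).add(
                (vuln["PkgName"], vuln["InstalledVersion"]))
    return found


def diff_reports(previous, current):
    """Classify vulnerability IDs as fixed, introduced or remaining between two scans."""
    prev, cur = index_report(previous), index_report(current)
    return {
        # Fixed: present before, absent now; keep the packages that carried it.
        "fixed": {cve: sorted(prev[cve]) for cve in sorted(set(prev) - set(cur))},
        "introduced": sorted(set(cur) - set(prev)),
        "remaining": sorted(set(prev) & set(cur)),
    }


if __name__ == "__main__":
    print(json.dumps(diff_reports(PREVIOUS_REPORT, NEXT_REPORT), indent=2))
```

When comparing two scans, run both against the same vulnerability database snapshot; otherwise an ID can show up as fixed or introduced only because the database changed between scans.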
#### Comparing SBOMs
```python
from diffused.differ import VulnerabilityDiffer

# Create a differ instance for SBOMs
vuln_differ = VulnerabilityDiffer(
    previous_sbom="previous.sbom.json",
    next_sbom="current.sbom.json",
    scan_type="sbom",  # Automatically scans SBOMs
)

# Retrieve the vulnerabilities diff
fixed_vulnerabilities = vuln_differ.vulnerabilities_diff
```
#### Using Different Scanners
```python
from diffused.differ import VulnerabilityDiffer

# Use Trivy scanner (default)
trivy_differ = VulnerabilityDiffer(
    previous_image="nginx:1.20",
    next_image="nginx:1.21",
    scanner="trivy",
    scan_type="image",
)

# Use ACS scanner (requires ROX_ENDPOINT and ROX_API_TOKEN environment variables)
acs_differ = VulnerabilityDiffer(
    previous_image="nginx:1.20",
    next_image="nginx:1.21",
    scanner="acs",
    scan_type="image",
)
```
Raw data
{
"_id": null,
"home_page": null,
"name": "diffused-lib",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.9",
"maintainer_email": null,
"keywords": "container, scanning, security, vulnerability",
"author": "Willian Rampazzo",
"author_email": "willianr@redhat.com",
"download_url": "https://files.pythonhosted.org/packages/85/ce/c39433b388cb2ea783ad1d9a5f841d4c36874bfc48c4804a83e097083185/diffused_lib-0.2.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "A vulnerability scan diffing library for container images and SBOMs",
"version": "0.2.0",
"project_urls": {
"documentation": "https://github.com/konflux-ci/diffused/tree/main/docs",
"homepage": "https://github.com/konflux-ci/diffused",
"repository": "https://github.com/konflux-ci/diffused"
},
"split_keywords": [
"container",
" scanning",
" security",
" vulnerability"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "4dd4c66a97a492ac91e6728fe6f5fdd39fe739f5a64e8d1b3fd47e341ae2414b",
"md5": "e3980978266a3bf25fa7ae2500efdaee",
"sha256": "e820d35f65d1f52508cc0ef294f82d8c268aae9e5cdd89a353c506b9cc81072a"
},
"downloads": -1,
"filename": "diffused_lib-0.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e3980978266a3bf25fa7ae2500efdaee",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.9",
"size": 9258,
"upload_time": "2025-10-22T14:54:15",
"upload_time_iso_8601": "2025-10-22T14:54:15.654544Z",
"url": "https://files.pythonhosted.org/packages/4d/d4/c66a97a492ac91e6728fe6f5fdd39fe739f5a64e8d1b3fd47e341ae2414b/diffused_lib-0.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "85cec39433b388cb2ea783ad1d9a5f841d4c36874bfc48c4804a83e097083185",
"md5": "cd3634461637c7a87dd01fb09f5ab4b3",
"sha256": "e1ee6a2420cc4a7d87ca57bd0fabe318a6e41a7c93e3ddac6e250278025f6bbf"
},
"downloads": -1,
"filename": "diffused_lib-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "cd3634461637c7a87dd01fb09f5ab4b3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.9",
"size": 14936,
"upload_time": "2025-10-22T14:54:16",
"upload_time_iso_8601": "2025-10-22T14:54:16.806733Z",
"url": "https://files.pythonhosted.org/packages/85/ce/c39433b388cb2ea783ad1d9a5f841d4c36874bfc48c4804a83e097083185/diffused_lib-0.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-22 14:54:16",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "konflux-ci",
"github_project": "diffused",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "diffused-lib"
}