ossbomer

Name: ossbomer
Version: 0.1.4
Home page: https://github.com/Xpertians/xmonkey-ossbomer
Summary: SBOMs quality validator for Open Source License Compliance.
Upload time: 2024-12-02 19:04:17
Maintainer: None
Docs URL: None
Author: Oscar Valenzuela
Requires Python: >=3.6
License: Apache 2.0
Keywords: none
VCS: none
Bug tracker URL: none
Requirements: No requirements were recorded.
Travis-CI: No Travis.
Coveralls test coverage: No coveralls.
OSSBOMER
=========

OSSBOMER is a CLI tool designed to validate Software Bill of Materials (SBOMs) for quality, compliance, and metadata integrity. It supports SPDX and CycloneDX formats.

Features
--------

- **License Validation**: Checks components in the SBOM for blocked, weak-copyleft, or unknown licenses.
- **PURL Validation**: Flags problematic Package URLs (PURLs) based on exact matches or regex patterns.
- **Schema Validation**: Ensures SBOMs conform to their respective schema (SPDX or CycloneDX) and NTIA requirements.
- **Metadata Validation**: Verifies the presence of essential metadata such as SPDX IDs and creation timestamps.
- **Dataset Management**:
  - Updates license rules and package signatures from remote sources.
  - Provides an inventory of dataset versions.

Installation
------------

1. Clone the repository:

   .. code-block:: bash

      git clone https://github.com/your-org/ossbomer.git
      cd ossbomer

2. Install the package:

   .. code-block:: bash

      pip install .

3. Verify the installation:

   .. code-block:: bash

      ossbomer --help

Usage
-----

Validate an SBOM
~~~~~~~~~~~~~~~~
Validate an SBOM for quality and compliance:

.. code-block:: bash

   ossbomer validate <path-to-sbom>

**Example**

.. code-block:: bash

   ossbomer validate samples/example-sbom.json

**Output**

::

   * Checking licenses...
   Blocked license detected for component 'insecure-package': GPL-3.0
   * Checking PURLs...
   Warning: Problematic PURL detected - pkg:deb/example-package@1.0.0?distro=debian
   * Validating schema and metadata...
   * Validation complete!
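To make the Features list and the sample output above concrete, here is an added, self-contained illustration of the three check types (blocked/weak-copyleft/unknown licenses, exact-match and regex PURL rules, required metadata) run over a constructed CycloneDX-shaped document. This is not OSSBOMER's own code: the rule sets, the ``REQUIRED_METADATA`` fields and the sample SBOM are assumptions made up for the example, standing in for the datasets the real tool downloads with ``ossbomer update``.

```python
import re

# Constructed rule sets standing in for the datasets the tool downloads.
BLOCKED_LICENSES = {"GPL-3.0", "AGPL-3.0"}
WEAK_COPYLEFT = {"LGPL-2.1", "MPL-2.0"}
BAD_PURL_EXACT = {"pkg:deb/example-package@1.0.0?distro=debian"}
BAD_PURL_REGEX = [re.compile(r"^pkg:npm/@retired-org/")]
# Hypothetical stand-ins for NTIA minimum-element metadata fields.
REQUIRED_METADATA = ("timestamp", "authors")

def check_licenses(sbom):
    """Classify each component's licenses as blocked, weak-copyleft or unknown."""
    findings = []
    for comp in sbom.get("components", []):
        ids = [e["license"]["id"] for e in comp.get("licenses", []) if "license" in e]
        if not ids:  # no declared license at all is itself a finding
            findings.append(f"unknown:{comp['name']}")
        for lic in ids:
            if lic in BLOCKED_LICENSES:
                findings.append(f"blocked:{comp['name']}:{lic}")
            elif lic in WEAK_COPYLEFT:
                findings.append(f"weak-copyleft:{comp['name']}:{lic}")
    return findings

def check_purls(sbom):
    """Flag PURLs by exact match or regex, as the PURL Validation feature describes."""
    purls = [c.get("purl", "") for c in sbom.get("components", [])]
    return [p for p in purls
            if p in BAD_PURL_EXACT or any(r.search(p) for r in BAD_PURL_REGEX)]

def check_metadata(sbom):
    """Return the required top-level metadata fields missing from the SBOM."""
    return [f for f in REQUIRED_METADATA if f not in sbom.get("metadata", {})]

def validate(sbom):
    return {"licenses": check_licenses(sbom), "purls": check_purls(sbom),
            "metadata": check_metadata(sbom)}

SAMPLE_SBOM = {  # constructed CycloneDX-shaped document, not a real SBOM
    "bomFormat": "CycloneDX",
    "metadata": {"timestamp": "2024-12-02T19:04:17Z"},  # no "authors" field
    "components": [
        {"name": "insecure-package", "purl": "pkg:pypi/insecure-package@2.0",
         "licenses": [{"license": {"id": "GPL-3.0"}}]},
        {"name": "example-package", "purl": "pkg:deb/example-package@1.0.0?distro=debian",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "mystery-lib", "purl": "pkg:npm/@retired-org/mystery-lib@0.1.0"},
    ],
}
```

Running ``validate(SAMPLE_SBOM)`` reports the blocked GPL-3.0 component and the unknown-license component, both problematic PURLs, and the missing ``authors`` metadata field.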

Update Datasets
~~~~~~~~~~~~~~~
Update license rules and package signatures from remote sources:

.. code-block:: bash

   ossbomer update

**Output**

::

   Datasets updated successfully!

Show Version
~~~~~~~~~~~~
Display the current version of OSSBOMER:

.. code-block:: bash

   ossbomer version

View Dataset Inventory
~~~~~~~~~~~~~~~~~~~~~~
Display an inventory of dataset files and their versions:

.. code-block:: bash

   ossbomer inventory

License
-------

OSSBOMER is licensed under the Apache-2.0 License. See the `LICENSE <LICENSE>`_ file for details.
