OSSBOMER
=========
OSSBOMER is a CLI tool designed to validate Software Bill of Materials (SBOMs) for quality, compliance, and metadata integrity. It supports SPDX and CycloneDX formats.
Features
--------

- **License Validation**: Checks components in the SBOM for blocked, weak-copyleft, or unknown licenses.
- **PURL Validation**: Flags problematic Package URLs (PURLs) based on exact matches or regex patterns.
- **Schema Validation**: Ensures SBOMs conform to their respective schema (SPDX or CycloneDX) and NTIA requirements.
- **Metadata Validation**: Verifies the presence of essential metadata such as SPDX IDs and creation timestamps.
- **Dataset Management**:

  - Updates license rules and package signatures from remote sources.
  - Provides an inventory of dataset versions.
Installation
------------

1. Clone the repository:

   .. code-block:: bash

      git clone https://github.com/your-org/ossbomer.git
      cd ossbomer

2. Install the package:

   .. code-block:: bash

      pip install .

3. Verify the installation:

   .. code-block:: bash

      ossbomer --help
Usage
-----

Validate an SBOM
~~~~~~~~~~~~~~~~

Validate an SBOM for quality and compliance:

.. code-block:: bash

   ossbomer validate <path-to-sbom>

**Example**

.. code-block:: bash

   ossbomer validate samples/example-sbom.json

**Output**

::

   * Checking licenses...
     Blocked license detected for component 'insecure-package': GPL-3.0
   * Checking PURLs...
     Warning: Problematic PURL detected - pkg:deb/example-package@1.0.0?distro=debian
   * Validating schema and metadata...
   * Validation complete!
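The checks behind the output above, written out as an added, self-contained illustration of the license, PURL and NTIA-metadata validation the Features section describes; this is not ossbomer's own code, and the CycloneDX sample SBOM, the rule sets and the finding names are constructed for the example.

```python
import json
import re

# Constructed CycloneDX-style SBOM used as sample input (not from any real project).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"timestamp": "2024-12-02T19:04:17Z"},
    "components": [
        {"name": "insecure-package", "version": "2.1.0",
         "purl": "pkg:pypi/insecure-package@2.1.0",
         "licenses": [{"license": {"id": "GPL-3.0"}}]},
        {"name": "example-package", "version": "1.0.0",
         "purl": "pkg:deb/example-package@1.0.0?distro=debian",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "mystery-lib", "purl": "pkg:npm/mystery-lib@0.3.1"},
    ],
})

# Hypothetical rule sets standing in for the datasets ossbomer downloads.
BLOCKED_LICENSES = {"GPL-3.0", "AGPL-3.0"}
WEAK_COPYLEFT_LICENSES = {"LGPL-2.1", "MPL-2.0"}
PURL_EXACT_BLOCKLIST = {"pkg:npm/left-pad@0.0.1"}             # constructed entry
PURL_PATTERNS = [re.compile(r"^pkg:deb/.*\?distro=debian$")]  # constructed pattern

def component_licenses(component):
    """SPDX ids declared on a CycloneDX component; UNKNOWN when none are present."""
    ids = [e.get("license", {}).get("id") for e in component.get("licenses", [])]
    return [i for i in ids if i] or ["UNKNOWN"]

def validate_sbom(sbom_text):
    """Run license, PURL and NTIA-minimum checks; return (kind, subject, detail) findings."""
    sbom = json.loads(sbom_text)
    findings = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "<unnamed>")
        for lic in component_licenses(comp):
            if lic in BLOCKED_LICENSES:
                findings.append(("blocked-license", name, lic))
            elif lic in WEAK_COPYLEFT_LICENSES:
                findings.append(("weak-copyleft", name, lic))
            elif lic == "UNKNOWN":
                findings.append(("unknown-license", name, lic))
        purl = comp.get("purl", "")
        if purl in PURL_EXACT_BLOCKLIST or any(p.search(purl) for p in PURL_PATTERNS):
            findings.append(("problematic-purl", name, purl))
        if not comp.get("version"):  # NTIA minimum elements: name and version per component
            findings.append(("missing-version", name, ""))
    if not sbom.get("metadata", {}).get("timestamp"):  # NTIA: document creation timestamp
        findings.append(("missing-timestamp", "<document>", ""))
    return findings
```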
Update Datasets
~~~~~~~~~~~~~~~

Update license rules and package signatures from remote sources:

.. code-block:: bash

   ossbomer update

**Output**

::

   Datasets updated successfully!

Show Version
~~~~~~~~~~~~

Display the current version of OSSBOMER:

.. code-block:: bash

   ossbomer version

View Dataset Inventory
~~~~~~~~~~~~~~~~~~~~~~

Display an inventory of dataset files and their versions:

.. code-block:: bash

   ossbomer inventory
License
-------

OSSBOMER is licensed under the Apache-2.0 License. See the `LICENSE <LICENSE>`_ file for details.
Raw data
{
"_id": null,
"home_page": "https://github.com/Xpertians/xmonkey-ossbomer",
"name": "ossbomer",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": null,
"author": "Oscar Valenzuela",
"author_email": "oscar.valenzuela.b@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/58/1b/4ec3c002d8be05f10eaddefdd84e5fe74630a52d663e24f097132f736072/ossbomer-0.1.4.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "Apache 2.0",
"summary": "SBOMs quality validator for Open Source License Compliance.",
"version": "0.1.4",
"project_urls": {
"Homepage": "https://github.com/Xpertians/xmonkey-ossbomer"
},
"split_keywords": [],
"upload_time": "2024-12-02 19:04:17",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Xpertians",
"github_project": "xmonkey-ossbomer",
"github_not_found": true,
"lcname": "ossbomer"
}