sbom2doc


| Field | Value |
| --- | --- |
| Name | sbom2doc |
| Version | 0.4.4 |
| Home page | https://github.com/anthonyharrison/sbom2doc |
| Summary | SBOM documentation tool |
| Upload time | 2024-02-01 14:10:58 |
| Maintainer | Anthony Harrison |
| Author | Anthony Harrison |
| Requires Python | >=3.7 |
| License | Apache-2.0 |
| Keywords | documentation, tools, sbom, devsecops, spdx, cyclonedx |
| Requirements | No requirements were recorded. |

# SBOM2DOC

SBOM2DOC documents and summarises the components within an SBOM (Software Bill of Materials). SBOMs are supported in a number of formats including
[SPDX](https://www.spdx.org) and [CycloneDX](https://www.cyclonedx.org).

## Installation

To install use the following command:

`pip install sbom2doc`

Alternatively, just clone the repo and install dependencies using the following command:

`pip install -U -r requirements.txt`

The tool requires Python 3 (3.7+). It is recommended to use a virtual Python environment, especially
if you are using different versions of Python. `virtualenv` is a tool for setting up virtual Python environments, which
allows you to have all the dependencies for the tool set up in a single environment, or to have different environments set
up for testing using different versions of Python.

## Usage

```
usage: sbom2doc [-h] [-i INPUT_FILE] [--debug] [--include-license] [-f {console,json,markdown,pdf}] [-o OUTPUT_FILE] [-V]

SBOM2doc generates documentation for a SBOM.

options:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit

Input:
  -i INPUT_FILE, --input-file INPUT_FILE
                        Name of SBOM file

Output:
  --debug               add debug information
  --include-license     add license text
  -f {console,json,markdown,pdf}, --format {console,json,markdown,pdf}
                        Output format (default: output to console)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        output filename (default: output to stdout)

```
					
## Operation

The `--input-file` option is used to specify the SBOM to be processed. The format of the SBOM is determined according to
the following filename conventions.

| SBOM      | Format    | Filename extension |
| --------- | --------- |--------------------|
| SPDX      | TagValue  | .spdx              |
| SPDX      | JSON      | .spdx.json         |
| SPDX      | YAML      | .spdx.yaml         |
| SPDX      | YAML      | .spdx.yml          |
| CycloneDX | JSON      | .json              |

The `--output-file` option controls the destination of the output generated by the tool. The
default is to report to the console, but the output can also be stored in the file named with this option.

The `--include-license` option is used to indicate if the text for the licenses is to be included in the output.

## Example

Given the following SBOM (flask.spdx)

```
SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-flask
DocumentNamespace: http://spdx.org/spdxdocs/Python-flask-f95bd9a2-1442-4631-9b13-870422204ed4
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
Created: 2023-08-17T20:28:31Z
CreatorComment: <text>This document has been automatically generated.</text>
##### 

PackageName: flask
SPDXID: SPDXRef-Package-1-flask
PackageVersion: 2.2.2
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/Flask/2.2.2
FilesAnalyzed: false
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>A simple framework for building complex web applications.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/flask@2.2.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:flask:2.2.2:*:*:*:*:*:*:*
##### 

PackageName: click
SPDXID: SPDXRef-Package-2-click
PackageVersion: 8.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/click/8.0.3
FilesAnalyzed: false
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Composable command line interface toolkit</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/click@8.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:click:8.0.3:*:*:*:*:*:*:*
##### 

PackageName: itsdangerous
SPDXID: SPDXRef-Package-3-itsdangerous
PackageVersion: 2.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/itsdangerous/2.1.2
FilesAnalyzed: false
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Safely pass data to untrusted environments and back.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/itsdangerous@2.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:itsdangerous:2.1.2:*:*:*:*:*:*:*
##### 

PackageName: jinja2
SPDXID: SPDXRef-Package-4-jinja2
PackageVersion: 3.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/Jinja2/3.0.2
FilesAnalyzed: false
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>A very fast and expressive template engine.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.0.2:*:*:*:*:*:*:*
##### 

PackageName: markupsafe
SPDXID: SPDXRef-Package-5-markupsafe
PackageVersion: 2.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.1
FilesAnalyzed: false
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.1:*:*:*:*:*:*:*
##### 

PackageName: werkzeug
SPDXID: SPDXRef-Package-6-werkzeug
PackageVersion: 2.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/Werkzeug/2.2.2
FilesAnalyzed: false
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>The comprehensive WSGI web application library.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/werkzeug@2.2.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:werkzeug:2.2.2:*:*:*:*:*:*:*
##### 

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-flask
Relationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-2-click
Relationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-3-itsdangerous
Relationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-4-jinja2
Relationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-6-werkzeug
Relationship: SPDXRef-Package-4-jinja2 DEPENDS_ON SPDXRef-Package-5-markupsafe
Relationship: SPDXRef-Package-6-werkzeug DEPENDS_ON SPDXRef-Package-5-markupsafe
```

The following command writes a summary of the contents of the SBOM to the console.

```bash
sbom2doc --input flask.spdx 

╭──────────────╮
│ SBOM Summary │
╰──────────────╯
┏━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Item          ┃ Details                    ┃
┡━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ SBOM File     │ /root/Downloads/flask.spdx │
│ SBOM Type     │ spdx                       │
│ Version       │ SPDX-2.3                   │
│ Name          │ Python-flask               │
│ Creator       │ Tool:sbom4python-0.10.0    │
│ Created       │ 2023-08-17T20:28:31Z       │
│ Files         │ 0                          │
│ Packages      │ 6                          │
│ Relationships │ 7                          │
└───────────────┴────────────────────────────┘
╭─────────────────╮
│ Package Summary │
╰─────────────────╯
┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Name         ┃ Version ┃ Type        ┃ Supplier                                     ┃ License      ┃
┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━┩
│ flask        │ 2.2.2   │ APPLICATION │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │
│ click        │ 8.0.3   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │
│ itsdangerous │ 2.1.2   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │
│ jinja2       │ 3.0.2   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │
│ markupsafe   │ 2.1.1   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │
│ werkzeug     │ 2.2.2   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │
└──────────────┴─────────┴─────────────┴──────────────────────────────────────────────┴──────────────┘


┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┓
┃ Name         ┃ Version ┃ Ecosystem ┃ Download                                    ┃ Copyright   ┃
┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━┩
│ flask        │ 2.2.2   │ pypi      │ https://pypi.org/project/Flask/2.2.2        │ NOASSERTION │
│ click        │ 8.0.3   │ pypi      │ https://pypi.org/project/click/8.0.3        │ NOASSERTION │
│ itsdangerous │ 2.1.2   │ pypi      │ https://pypi.org/project/itsdangerous/2.1.2 │ NOASSERTION │
│ jinja2       │ 3.0.2   │ pypi      │ https://pypi.org/project/Jinja2/3.0.2       │ NOASSERTION │
│ markupsafe   │ 2.1.1   │ pypi      │ https://pypi.org/project/MarkupSafe/2.1.1   │ NOASSERTION │
│ werkzeug     │ 2.2.2   │ pypi      │ https://pypi.org/project/Werkzeug/2.2.2     │ NOASSERTION │
└──────────────┴─────────┴───────────┴─────────────────────────────────────────────┴─────────────┘
╭────────────────────────╮
│ Component Type Summary │
╰────────────────────────╯
┏━━━━━━━━━━━━━┳━━━━━━━┓
┃ Type        ┃ Count ┃
┡━━━━━━━━━━━━━╇━━━━━━━┩
│ APPLICATION │ 1     │
│ LIBRARY     │ 5     │
└─────────────┴───────┘
╭─────────────────╮
│ License Summary │
╰─────────────────╯
┏━━━━━━━━━━━━━━┳━━━━━━━┓
┃ License      ┃ Count ┃
┡━━━━━━━━━━━━━━╇━━━━━━━┩
│ BSD-3-Clause │ 6     │
└──────────────┴───────┘
╭──────────────────╮
│ Supplier Summary │
╰──────────────────╯
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━┓
┃ Supplier                                      ┃ Count ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━┩
│ Armin Ronacher (armin.ronacher@active-4.com)  │ 6     │
└───────────────────────────────────────────────┴───────┘
╭──────────────╮
│ NTIA Summary │
╰──────────────╯
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━┓
┃ Element                            ┃ Status ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━┩
│ All file information provided?     │ True   │
│ All package information provided?  │ True   │
│ Creator identified?                │ True   │
│ Creation time identified?          │ True   │
│ Dependency relationships provided? │ True   │
└────────────────────────────────────┴────────┘

NTIA conformant True
                                                                    
```

## Licence

Licenced under the Apache 2.0 Licence.

## Limitations

The tool has the following limitations:

- SBOMs in RDF (SPDX) and XML (SPDX and CycloneDX) formats are not supported.

- Invalid SBOMs will result in unpredictable results.
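
Because invalid input gives unpredictable results, it can help to check an SPDX tag-value file before handing it to the tool. The following pre-flight check is an added example, not part of sbom2doc: it parses tag-value text and reports missing document or package fields, duplicate SPDXIDs and relationships that point at undefined elements. The function names and required-field lists are assumptions chosen for illustration (loosely following the rows of the NTIA Summary above), and multi-line `<text>` values are not handled.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the flask.spdx document shown above
# (three of its six packages, essential tags only).
SAMPLE = """\
SPDXVersion: SPDX-2.3
SPDXID: SPDXRef-DOCUMENT
Creator: Tool: sbom4python-0.10.0
Created: 2023-08-17T20:28:31Z
#####

PackageName: flask
SPDXID: SPDXRef-Package-1-flask
PackageVersion: 2.2.2
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
#####

PackageName: jinja2
SPDXID: SPDXRef-Package-4-jinja2
PackageVersion: 3.0.2
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
#####

PackageName: markupsafe
SPDXID: SPDXRef-Package-5-markupsafe
PackageVersion: 2.1.1
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
#####

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-flask
Relationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-4-jinja2
Relationship: SPDXRef-Package-4-jinja2 DEPENDS_ON SPDXRef-Package-5-markupsafe
"""

# Assumed required fields, loosely following the NTIA Summary rows above.
REQUIRED_DOC = ("SPDXVersion", "SPDXID", "Creator", "Created")
REQUIRED_PKG = ("SPDXID", "PackageVersion", "PackageSupplier")
UTC_STAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")
PSEUDO_IDS = {"NONE", "NOASSERTION"}  # valid relationship targets in SPDX


def parse_tag_value(text):
    """Split SPDX tag-value text into document tags, packages and relationships."""
    doc, packages, rels, problems = {}, [], [], []
    current = doc  # tags seen before the first PackageName belong to the document
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")
        if not sep:
            problems.append(f"line {number}: not a 'Tag: value' pair")
            continue
        tag, value = tag.strip(), value.strip()
        if tag == "PackageName":  # each PackageName opens a new package
            current = {"PackageName": value}
            packages.append(current)
        elif tag == "Relationship":
            rels.append((number, value.split()))
        else:
            current.setdefault(tag, value)  # keep the first value of a repeated tag
    return doc, packages, rels, problems


def preflight(text):
    """Return a list of problems; an empty list means every check passed."""
    doc, packages, rels, problems = parse_tag_value(text)
    for tag in REQUIRED_DOC:
        if not doc.get(tag):
            problems.append(f"document: missing {tag}")
    if doc.get("Created") and not UTC_STAMP.fullmatch(doc["Created"]):
        problems.append("document: Created is not YYYY-MM-DDThh:mm:ssZ")
    for pkg in packages:
        for tag in REQUIRED_PKG:
            if pkg.get(tag, "NOASSERTION") in ("", "NOASSERTION"):
                problems.append(f"package {pkg['PackageName']}: missing {tag}")
    ids = Counter(p["SPDXID"] for p in packages if "SPDXID" in p)
    problems += [f"duplicate SPDXID {i}" for i, n in ids.items() if n > 1]
    known = set(ids) | {doc.get("SPDXID")} | PSEUDO_IDS
    for number, parts in rels:
        if len(parts) != 3:
            problems.append(f"line {number}: malformed Relationship")
            continue
        for ref in (parts[0], parts[2]):
            if ref not in known:
                problems.append(f"line {number}: unknown element {ref}")
    if not rels:
        problems.append("document: no relationships")
    return problems


if __name__ == "__main__":
    # Constructed failure case: one package's SPDXID no longer matches its relationship.
    damaged = SAMPLE.replace("SPDXID: SPDXRef-Package-5-markupsafe",
                             "SPDXID: SPDXRef-Package-5-renamed")
    print(preflight(SAMPLE), preflight(damaged), sep="\n")
```
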

## Feedback and Contributions

Bugs and feature requests can be made via GitHub Issues.

            
