sbomconvert


Namesbomconvert JSON
Version 0.1.0 PyPI version JSON
download
home_pagehttps://github.com/anthonyharrison/sbomconvert
SummaryConvert SBOM between formats
upload_time2025-01-28 21:56:04
maintainerAnthony Harrison
docs_urlNone
authorAnthony Harrison
requires_python>=3.9
licenseApache-2.0
keywords security tools sbom devsecops spdx cyclonedx
VCS
bugtrack_url
requirements lib4sbom
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # SBOMConvert

The SBOMConvert is a free, open source tool to transform a
SBOM (Software Bill of Materials) into another format. The format supported are various versions of SBOMs in either
[SPDX](https://www.spdx.org) and [CycloneDX](https://www.cyclonedx.org) formats.

SBOMs are supported in the following formats and versions:

| SBOM Type | Version | Format   |
| --------- |---------|----------|
| SPDX      | 2.2     | TagValue | 
| SPDX      | 2.2     | JSON     |
| SPDX      | 2.2     | YAML     |
| SPDX      | 2.2     | RDF      |
| SPDX      | 2.2     | XML      |
| SPDX      | 2.3     | TagValue |
| SPDX      | 2.3     | JSON     |
| SPDX      | 2.3     | YAML     |
| SPDX      | 2.3     | RDF      |
| SPDX      | 2.3     | XML      |
| CycloneDX | 1.4     | JSON     |
| CycloneDX | 1.4     | XML      |
| CycloneDX | 1.5     | JSON     |
| CycloneDX | 1.5     | XML      |
| CycloneDX | 1.6     | JSON     |
| CycloneDX | 1.6     | XML      |

**Note** that support for SPDX RDF and XML formats is limited to a few package attributes.

## Installation

To install use the following command:

`pip install sbomconvert`

Alternatively, just clone the repo and install dependencies using the following command:

`pip install -U -r requirements.txt`

The tool requires Python 3 (3.9+). It is recommended to use a virtual python environment especially
if you are using different versions of python. `virtualenv` is a tool for setting up virtual python environments which
allows you to have all the dependencies for the tool set up in a single environment, or have different environments set
up for testing using different versions of Python.

## Usage

```bash
usage: sbomconvert [-h] [-i INPUT_FILE] [-d] [--sbom {spdx,cyclonedx}] [--format {tag,json,yaml}] [-o OUTPUT_FILE] [-V]

SBOMconvert transforms a Software Bill of Materials from one format to another, or between output formats.

options:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit

Input:
  -i INPUT_FILE, --input-file INPUT_FILE
                        identity of SBOM

Output:
  -d, --debug           add debug information
  --sbom {spdx,cyclonedx}
                        specify type of sbom to generate (default: spdx)
  --format {tag,json,yaml}
                        specify format of software bill of materials (sbom) (default: tag)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        output filename (default: output to stdout)
```
						
## Operation

The `--input-file` option is used to identify of the SBOM. The tool will automatically detect the type and version of SBOM.

The `--sbom` option is used to specify the format of the generated SBOM (the default is SPDX). The `--format` option
can be used to specify the formatting of the SBOM (the default is Tag Value format for a SPDX SBOM). JSON format is supported for both
SPDX and CycloneDX SBOMs).

The `--output-file` option is used to control the destination of the output generated by the tool. The
default is to report to the console but can be stored in a file (specified using `--output-file` option).

## Licence

Licenced under the Apache 2.0 Licence.

The tool uses a local copy of the [SPDX Licenses List](https://github.com/spdx/license-list-data) which is released under
[Creative Commons Attribution 3.0 (CC-BY-3.0)](http://creativecommons.org/licenses/by/3.0/).

## Limitations

The usefulness of the tool is dependent on the SBOM data
which is provided to the tool. Unfortunately, the tool is unable to determine the validity or completeness of such a SBOM file; users of the tool
are therefore reminded that they should assert the quality of any data which is provided to the tool.

Invalid SBOMs will lead to unpredictable results.

When processing and validating licenses, the application will use a set of synonyms to attempt to map some license identifiers to the correct [SPDX License Identifiers](https://spdx.org/licenses/). However, the
user of the tool is reminded that they should assert the quality of any data which is provided by the tool particularly where the license identifier has been modified.

## Feedback and Contributions

Bugs and feature requests can be made via GitHub Issues.

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/anthonyharrison/sbomconvert",
    "name": "sbomconvert",
    "maintainer": "Anthony Harrison",
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": "anthony.p.harrison@gmail.com",
    "keywords": "security, tools, SBOM, DevSecOps, SPDX, CycloneDX",
    "author": "Anthony Harrison",
    "author_email": "anthony.p.harrison@gmail.com",
    "download_url": null,
    "platform": null,
    "description": "# SBOMConvert\n\nThe SBOMConvert is a free, open source tool to transform a\nSBOM (Software Bill of Materials) into another format. The format supported are various versions of SBOMs in either\n[SPDX](https://www.spdx.org) and [CycloneDX](https://www.cyclonedx.org) formats.\n\nSBOMs are supported in the following formats and versions:\n\n| SBOM Type | Version | Format   |\n| --------- |---------|----------|\n| SPDX      | 2.2     | TagValue | \n| SPDX      | 2.2     | JSON     |\n| SPDX      | 2.2     | YAML     |\n| SPDX      | 2.2     | RDF      |\n| SPDX      | 2.2     | XML      |\n| SPDX      | 2.3     | TagValue |\n| SPDX      | 2.3     | JSON     |\n| SPDX      | 2.3     | YAML     |\n| SPDX      | 2.3     | RDF      |\n| SPDX      | 2.3     | XML      |\n| CycloneDX | 1.4     | JSON     |\n| CycloneDX | 1.4     | XML      |\n| CycloneDX | 1.5     | JSON     |\n| CycloneDX | 1.5     | XML      |\n| CycloneDX | 1.6     | JSON     |\n| CycloneDX | 1.6     | XML      |\n\n**Note** that support for SPDX RDF and XML formats is limited to a few package attributes.\n\n## Installation\n\nTo install use the following command:\n\n`pip install sbomconvert`\n\nAlternatively, just clone the repo and install dependencies using the following command:\n\n`pip install -U -r requirements.txt`\n\nThe tool requires Python 3 (3.9+). It is recommended to use a virtual python environment especially\nif you are using different versions of python. `virtualenv` is a tool for setting up virtual python environments which\nallows you to have all the dependencies for the tool set up in a single environment, or have different environments set\nup for testing using different versions of Python.\n\n## Usage\n\n```bash\nusage: sbomconvert [-h] [-i INPUT_FILE] [-d] [--sbom {spdx,cyclonedx}] [--format {tag,json,yaml}] [-o OUTPUT_FILE] [-V]\n\nSBOMconvert transforms a Software Bill of Materials from one format to another, or between output formats.\n\noptions:\n  -h, --help            show this help message and exit\n  -V, --version         show program's version number and exit\n\nInput:\n  -i INPUT_FILE, --input-file INPUT_FILE\n                        identity of SBOM\n\nOutput:\n  -d, --debug           add debug information\n  --sbom {spdx,cyclonedx}\n                        specify type of sbom to generate (default: spdx)\n  --format {tag,json,yaml}\n                        specify format of software bill of materials (sbom) (default: tag)\n  -o OUTPUT_FILE, --output-file OUTPUT_FILE\n                        output filename (default: output to stdout)\n```\n\t\t\t\t\t\t\n## Operation\n\nThe `--input-file` option is used to identify of the SBOM. The tool will automatically detect the type and version of SBOM.\n\nThe `--sbom` option is used to specify the format of the generated SBOM (the default is SPDX). The `--format` option\ncan be used to specify the formatting of the SBOM (the default is Tag Value format for a SPDX SBOM). JSON format is supported for both\nSPDX and CycloneDX SBOMs).\n\nThe `--output-file` option is used to control the destination of the output generated by the tool. The\ndefault is to report to the console but can be stored in a file (specified using `--output-file` option).\n\n## Licence\n\nLicenced under the Apache 2.0 Licence.\n\nThe tool uses a local copy of the [SPDX Licenses List](https://github.com/spdx/license-list-data) which is released under\n[Creative Commons Attribution 3.0 (CC-BY-3.0)](http://creativecommons.org/licenses/by/3.0/).\n\n## Limitations\n\nThe usefulness of the tool is dependent on the SBOM data\nwhich is provided to the tool. Unfortunately, the tool is unable to determine the validity or completeness of such a SBOM file; users of the tool\nare therefore reminded that they should assert the quality of any data which is provided to the tool.\n\nInvalid SBOMs will lead to unpredictable results.\n\nWhen processing and validating licenses, the application will use a set of synonyms to attempt to map some license identifiers to the correct [SPDX License Identifiers](https://spdx.org/licenses/). However, the\nuser of the tool is reminded that they should assert the quality of any data which is provided by the tool particularly where the license identifier has been modified.\n\n## Feedback and Contributions\n\nBugs and feature requests can be made via GitHub Issues.\n",
    "bugtrack_url": null,
    "license": "Apache-2.0",
    "summary": "Convert SBOM between formats",
    "version": "0.1.0",
    "project_urls": {
        "Homepage": "https://github.com/anthonyharrison/sbomconvert"
    },
    "split_keywords": [
        "security",
        " tools",
        " sbom",
        " devsecops",
        " spdx",
        " cyclonedx"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "eb4e4fcf75d4be956aec70d911c720a5e3f3c1ebf4cb102ded64a2ee21ff77e9",
                "md5": "f5dbdc9b8cfaea9d02b23a08245fbe74",
                "sha256": "cd4200d764ade935e430ed7a4e6808d37fd7d71d242f84e17c2c2508e05ebb77"
            },
            "downloads": -1,
            "filename": "sbomconvert-0.1.0-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "f5dbdc9b8cfaea9d02b23a08245fbe74",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": ">=3.9",
            "size": 9174,
            "upload_time": "2025-01-28T21:56:04",
            "upload_time_iso_8601": "2025-01-28T21:56:04.687600Z",
            "url": "https://files.pythonhosted.org/packages/eb/4e/4fcf75d4be956aec70d911c720a5e3f3c1ebf4cb102ded64a2ee21ff77e9/sbomconvert-0.1.0-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-01-28 21:56:04",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "anthonyharrison",
    "github_project": "sbomconvert",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [
        {
            "name": "lib4sbom",
            "specs": [
                [
                    ">=",
                    "0.8.0"
                ]
            ]
        }
    ],
    "tox": true,
    "lcname": "sbomconvert"
}
        
Elapsed time: 0.38294s