Name | sbommage |
Version | 1.0.2 |
home_page | None |
Summary | Interactive terminal frontend for viewing Software Bill of Materials (SBOM) files |
upload_time | 2025-08-19 22:33:03 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.8 |
license | MIT License
Copyright (c) 2025 Alan Pope
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE. |
keywords | sbom, security, supply-chain, terminal, tui |
VCS | |
bugtrack_url | |
requirements | textual |
Travis-CI | No Travis. |
coveralls test coverage | No coveralls. |
# Sbommage
SBOM + Rummage = Sbommage.
*Pronounced (in my British English) as "ess-bomb-idge", or "SBOM Mage 🧙" if you prefer.*
Sbommage is an interactive terminal frontend for viewing Software Bill of Materials ([SBOM](https://anchore.com/sbom/)) files in various formats.

## Introduction
Software Bill of Materials ([SBOM](https://anchore.com/sbom/)) files are increasingly important in software supply chain security. However, they come in multiple formats (SPDX, CycloneDX, Syft's native format), each with their own structure and complexity. Sbommage aims to provide a consistent, user-friendly way to view and explore SBOM data, regardless of the underlying format.
## Installation
Sbommage is written in Python and requires Python 3.8 or later.
### From PyPI (Recommended)
The easiest way to install sbommage is from PyPI:
```shell
pip install sbommage
```
Or use the install script:
```shell
curl -sSL https://raw.githubusercontent.com/popey/sbommage/main/install.sh | bash
```
### From GitHub Releases
Download the latest release from the [GitHub releases page](https://github.com/popey/sbommage/releases).
### Using Homebrew (macOS/Linux)
```shell
brew tap popey/sbommage
brew install sbommage
```
### Using Docker
Note: `-it` is required for interaction with the application. Setting the `TERM` variable allows for better colour support.
```shell
docker run --rm -it -e TERM=xterm-256color -v $(pwd):/data ghcr.io/popey/sbommage:latest /data/your-sbom.json
```
### From Source
For development or if you prefer to install from source:
```shell
git clone https://github.com/popey/sbommage
cd sbommage
pip install -e .
```
### Using uv (Alternative)
If you use [uv](https://github.com/astral-sh/uv) for Python environment management:
```shell
git clone https://github.com/popey/sbommage
cd sbommage
uv venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
uv pip install -e .
```
## Usage
Point sbommage at an SBOM file:
```shell
./sbommage example_sboms/nextcloud-latest-syft-sbom.json
```
Sbommage will detect the SBOM format (SPDX, CycloneDX, GitHub, or Syft), and present the data in an interactive interface.
Use the cursor keys or mouse to navigate the tree on the left pane.
Click or press Enter on an item to see detailed information in the right pane.
### Keys:
Change view:
* `n` - View by package Name
* `t` - View by package Type
* `c` - View by License (Copyright/Code)
* `s` - View by Supplier
Navigation:
* `h` - Move left
* `j` - Move down
* `k` - Move up
* `l` - Move right
Misc:
* `/` - Search
* `q` - Quit
## Supported SBOM Formats
The goal is to support as many SBOM formats as possible. Patches welcome!
* SPDX
* CycloneDX (JSON)
* GitHub
* Syft
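Each of the formats listed above can be told apart by its top-level JSON keys, which is one way the detection mentioned under Usage can be done. The following is an added example, not sbommage's own code: it classifies a document and normalises its package list to name and version pairs. The key names assumed are those of CycloneDX JSON, SPDX 2.x JSON, GitHub's dependency-graph export and Syft's native JSON; the function names and sample documents are constructed for illustration.

```python
import json

def detect_sbom_format(doc):
    """Classify a parsed JSON SBOM by its top-level keys."""
    if not isinstance(doc, dict):
        return "unknown"
    if doc.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    if "spdxVersion" in doc:                      # SPDX 2.x JSON
        return "spdx"
    inner = doc.get("sbom")                       # GitHub export wraps SPDX in "sbom"
    if isinstance(inner, dict) and "spdxVersion" in inner:
        return "github"
    if isinstance(doc.get("artifacts"), list) and "descriptor" in doc:
        return "syft"                             # Syft native JSON
    return "unknown"

# Where each format keeps its package list and what it calls the version field.
_LAYOUT = {
    "cyclonedx": (lambda d: d.get("components") or [], "version"),
    "spdx": (lambda d: d.get("packages") or [], "versionInfo"),
    "github": (lambda d: d["sbom"].get("packages") or [], "versionInfo"),
    "syft": (lambda d: d["artifacts"], "version"),
}

def list_packages(text):
    """Return (format, sorted [(name, version)]); raise ValueError if unusable."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc.msg}") from exc
    fmt = detect_sbom_format(doc)
    if fmt == "unknown":
        raise ValueError("unrecognised SBOM format")
    getter, version_key = _LAYOUT[fmt]
    pkgs = [p for p in getter(doc) if isinstance(p, dict)]
    return fmt, sorted((str(p.get("name") or "?"), str(p.get(version_key) or ""))
                       for p in pkgs)

# Constructed minimal documents, one per format (not real tool output).
SAMPLES = {
    "cyclonedx": '{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [{"name": "textual", "version": "5.3.0"}]}',
    "spdx": '{"spdxVersion": "SPDX-2.3", "packages": [{"name": "textual", "versionInfo": "5.3.0"}]}',
    "github": '{"sbom": {"spdxVersion": "SPDX-2.3", "packages": [{"name": "textual", "versionInfo": "5.3.0"}]}}',
    "syft": '{"artifacts": [{"name": "textual", "version": "5.3.0"}], "descriptor": {"name": "syft"}}',
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, list_packages(text))
```

Input that is not JSON, or JSON that matches none of the four layouts, raises `ValueError` rather than being guessed at.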
## Generating SBOMs
There are various tools available to generate SBOMs:
* [Syft](https://github.com/anchore/syft) - Generates comprehensive SBOMs in multiple formats
* [SPDX Tools](https://github.com/spdx/tools) - Official SPDX tools
* [CycloneDX Tools](https://github.com/CycloneDX) - Various tools for CycloneDX format
For example, to generate an SBOM with Syft:
```shell
syft alpine:latest -o json > alpine-syft.json
```
## Caveats
I am an open-source enthusiast and self-taught coder creating projects driven by curiosity and a love for problem-solving. The code may have bugs or sharp edges. Kindly let me know if you find one, via an [issue](https://github.com/popey/sbommage/issues). Thanks.
Raw data
{
"_id": null,
"home_page": null,
"name": "sbommage",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "sbom, security, supply-chain, terminal, tui",
"author": null,
"author_email": "Alan Pope <alan@popey.com>",
"download_url": "https://files.pythonhosted.org/packages/91/8b/51e42640f857aa5a356827305dde378664cc50796bf0739db460c5afc719/sbommage-1.0.2.tar.gz",
"platform": null,
"bugtrack_url": null,
"summary": "Interactive terminal frontend for viewing Software Bill of Materials (SBOM) files",
"version": "1.0.2",
"project_urls": {
"Documentation": "https://github.com/popey/sbommage#readme",
"Homepage": "https://github.com/popey/sbommage",
"Issues": "https://github.com/popey/sbommage/issues",
"Repository": "https://github.com/popey/sbommage"
},
"split_keywords": [
"sbom",
" security",
" supply-chain",
" terminal",
" tui"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "5f6959713cf27e64b661af02bc72fb645c80c52169a97efb2e256767c878c1bf",
"md5": "72fe183eb8b0d22dd0f2c543e2bc5885",
"sha256": "80a84ecf475037a23a6bcf44aa5b07091284429d45c930ae04afd6cd47c68cc2"
},
"downloads": -1,
"filename": "sbommage-1.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "72fe183eb8b0d22dd0f2c543e2bc5885",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 20218,
"upload_time": "2025-08-19T22:33:01",
"upload_time_iso_8601": "2025-08-19T22:33:01.311564Z",
"url": "https://files.pythonhosted.org/packages/5f/69/59713cf27e64b661af02bc72fb645c80c52169a97efb2e256767c878c1bf/sbommage-1.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "918b51e42640f857aa5a356827305dde378664cc50796bf0739db460c5afc719",
"md5": "61002657083ac3132db8d59858387f9e",
"sha256": "383ea408f380811c930f8d0ed470bcbb8c1b33fa1d39e653f0e6c623db38e6af"
},
"downloads": -1,
"filename": "sbommage-1.0.2.tar.gz",
"has_sig": false,
"md5_digest": "61002657083ac3132db8d59858387f9e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 17479553,
"upload_time": "2025-08-19T22:33:03",
"upload_time_iso_8601": "2025-08-19T22:33:03.079695Z",
"url": "https://files.pythonhosted.org/packages/91/8b/51e42640f857aa5a356827305dde378664cc50796bf0739db460c5afc719/sbommage-1.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-19 22:33:03",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "popey",
"github_project": "sbommage#readme",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "textual",
"specs": [
[
"==",
"5.3.0"
]
]
}
],
"lcname": "sbommage"
}