[![Logo](https://whitesource-resources.s3.amazonaws.com/ws-sig-images/Whitesource_Logo_178x44.png)](https://www.whitesourcesoftware.com/)
[![License](https://img.shields.io/badge/License-Apache%202.0-yellowgreen.svg)](https://opensource.org/licenses/Apache-2.0)
[![CI](https://github.com/whitesource-ps/ws-import-spdx/actions/workflows/ci.yml/badge.svg)](https://github.com/whitesource-ps/ws-import-spdx/actions/workflows/ci.yml)
[![GitHub release](https://img.shields.io/github/v/release/whitesource-ps/ws-import-spdx)](https://github.com/whitesource-ps/ws-import-spdx/releases/latest)
[![PyPI](https://img.shields.io/pypi/v/ws-import-spdx?style=plastic)](https://pypi.org/project/ws-import-spdx/)
[Mend Import SPDX](https://github.com/whitesource-ps/ws-import-spdx)
#Import SPDX tool description
CLI Tool imports data from the SBOM report into the MEND system in [SPDX format](https://spdx.org).
* The tool can upload data directly to Mend or create a Mend Offline Request file for uploading via Mend's UI interface ("Upload Update Request" action in the Admin panel)
* The tool supports **JSON** or **CSV** input format only
* If the URL is not stated (defined with **-a WS_URL**), the tool will use **saas.whitesourcesoftware.com**.
* The URL must be in **full** like **saas.whitesourcesoftware.com** , **app-eu.whitesourcesoftware.com** or **saas.mend.io**
Import SBOM report in SPDX format into the Mend Application.
If you need a place to store SBOMs from different systems and present them in a human-friendly form use this CLI tool.
## Supported Operating Systems
- **Linux (Bash):** CentOS, Debian, Ubuntu, RedHat
- **Windows (PowerShell):** 10, 2012, 2016
## Prerequisites
Python 3.8+
### Installation and Execution by pulling from PyPi:
1. Execute pip install `pip install ws-import-spdx`
* Note: If installing packages as a non-root, be sure to include the path of the executables within the Operating System paths.
2. Run report: `ws_import_spdx -u <WS_USER_KEY> -k <WS_TOKEN> -pr <WS_PRODUCT_TOKEN> -p <PROJECT_TOKEN> -sbom <SBOM_FILE_PATH>`
* Output file will be created in the Upload folder. If a folder does not exist, the tool will create it.
### Required and Optional arguments:
```shell
-h, --help This help message and exit
-u WS_USER_KEY, --userKey
WS User Key
-k WS_TOKEN, --token
WS Org Token (API Key)
-pr WS_PRODUCT_TOKEN, --product
Product token
-s WS_PROJECT, --scope
WS Project token for updating data
-p WS_PROJECT_NAME, --project name
WS Project Name
-a WS_URL, --wsUrl {saas.whitesourcesoftware.com, app.whitesourcesoftware.com, app-eu.whitesourcesoftware.com, saas-eu.whitesourcesoftware.com,
saas.mend.io, app.mend.io, app-eu.mend.io, saas-eu.mend.io, your_url}
WS URL
-sbom SBOM_FILE_PATH, --sbom file path
SBOM report file for import
-t UPDATE_TYPE, --updatetype {OVERRIDE,APPEND}
Type of upload operation
-o OUT_DIR, --out
Output directory
-l LOAD, --load
Direct load to Mend (deafult True)
* Note:
* Project Name **OR** Project Token must be passed on
* SBOM report for importing should be in **JSON** or **CSV** format
* The filename has to be provided with corresponding extension (JSON or CSV)
* Default value of UPDATE_TYPE is **OVERRIDE**
* Default value of WS_URL is **saas.whitesourcesoftware.com**
* Default value of LOAD is **True**
```
## CSV structure:
###List of fields:
name,downloadLocation,licenseConcluded,licenseInfoFromFiles,licenseDeclared,copyrightText,
versionInfo,packageFileName,supplier,originator,sha1,homepage
* Note:
* The CSV file’s first row (headers) should contain a list of fields.
* **sha1** or pair **packageFileName** and **versionInfo** are mandatory fields
* Other fields can be empty
## Examples:
```shell
# Import data direct to Mend from JSON. A new project will be created in Mend.
ws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -p <NEW_PROJECT_NAME> -sbom </path/upload.json>
# Import data direct to Mend from CSV. A new project will be created in Mend.
ws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -p <NEW_PROJECT_NAME> -sbom </path/upload.csv>
# Create a Mend Offline Update Request file without direct upload to Mend. The input data is in JSON format.
ws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> -p <NEW_PROJECT_NAME> -l False -o </path/reports> -sbom </path/upload.json>
# Import data direct to Mend. SBOM data will be appended to the specified project. The input data is in CSV format.
ws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -s <WS_PROJECT> -t APPEND -sbom </path/upload.csv>
# Create a Mend Offline Update Request file without direct upload to Mend. SBOM data will be appended to the specified project. The input data is in JSON format.
ws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -s <WS_PROJECT> -t APPEND -l False - sbom </path/upload.json>
# Create a Mend Offline Update Request file without direct ulpoad to Mend. The specific project will be overwritten by SBOM data. The input data is in JSON format.
ws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -s <WS_PROJECT> -l False -sbom </path/upload.json>
```
Raw data
{
"_id": null,
"home_page": "https://github.com/whitesource-ps/ws-import-spdx",
"name": "ws-import-spdx",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "",
"keywords": "",
"author": "WhiteSource Professional Services",
"author_email": "ps@whitesourcesoftware.com",
"download_url": "",
"platform": null,
"description": "[![Logo](https://whitesource-resources.s3.amazonaws.com/ws-sig-images/Whitesource_Logo_178x44.png)](https://www.whitesourcesoftware.com/) \n[![License](https://img.shields.io/badge/License-Apache%202.0-yellowgreen.svg)](https://opensource.org/licenses/Apache-2.0)\n[![CI](https://github.com/whitesource-ps/ws-import-spdx/actions/workflows/ci.yml/badge.svg)](https://github.com/whitesource-ps/ws-import-spdx/actions/workflows/ci.yml)\n[![GitHub release](https://img.shields.io/github/v/release/whitesource-ps/ws-import-spdx)](https://github.com/whitesource-ps/ws-import-spdx/releases/latest) \n[![PyPI](https://img.shields.io/pypi/v/ws-import-spdx?style=plastic)](https://pypi.org/project/ws-import-spdx/)\n[Mend Import SPDX](https://github.com/whitesource-ps/ws-import-spdx)\n\n#Import SPDX tool description\n\nCLI Tool imports data from the SBOM report into the MEND system in [SPDX format](https://spdx.org).\n * The tool can upload data directly to Mend or create a Mend Offline Request file for uploading via Mend's UI interface (\"Upload Update Request\" action in the Admin panel)\n * The tool supports **JSON** or **CSV** input format only\n * If the URL is not stated (defined with **-a WS_URL**), the tool will use **saas.whitesourcesoftware.com**.\n * The URL must be in **full** like **saas.whitesourcesoftware.com** , **app-eu.whitesourcesoftware.com** or **saas.mend.io** \n\nImport SBOM report in SPDX format into the Mend Application. \nIf you need a place to store SBOMs from different systems and present them in a human-friendly form use this CLI tool.\n\n## Supported Operating Systems\n- **Linux (Bash):**\tCentOS, Debian, Ubuntu, RedHat\n- **Windows (PowerShell):**\t10, 2012, 2016\n\n\n## Prerequisites\nPython 3.8+\n\n### Installation and Execution by pulling from PyPi:\n1. Execute pip install `pip install ws-import-spdx`\n * Note: If installing packages as a non-root, be sure to include the path of the executables within the Operating System paths.\n2. Run report: `ws_import_spdx -u <WS_USER_KEY> -k <WS_TOKEN> -pr <WS_PRODUCT_TOKEN> -p <PROJECT_TOKEN> -sbom <SBOM_FILE_PATH>`\n * Output file will be created in the Upload folder. If a folder does not exist, the tool will create it.\n \n### Required and Optional arguments:\n```shell\n -h, --help This help message and exit\n -u WS_USER_KEY, --userKey\n WS User Key\n -k WS_TOKEN, --token \n WS Org Token (API Key)\n -pr WS_PRODUCT_TOKEN, --product \n Product token \n -s WS_PROJECT, --scope \n WS Project token for updating data\n -p WS_PROJECT_NAME, --project name\n WS Project Name \n -a WS_URL, --wsUrl {saas.whitesourcesoftware.com, app.whitesourcesoftware.com, app-eu.whitesourcesoftware.com, saas-eu.whitesourcesoftware.com, \n saas.mend.io, app.mend.io, app-eu.mend.io, saas-eu.mend.io, your_url}\n WS URL \n -sbom SBOM_FILE_PATH, --sbom file path\n SBOM report file for import \n -t UPDATE_TYPE, --updatetype {OVERRIDE,APPEND}\n Type of upload operation\n -o OUT_DIR, --out \n Output directory\n -l LOAD, --load\n Direct load to Mend (deafult True) \n * Note: \n * Project Name **OR** Project Token must be passed on\n * SBOM report for importing should be in **JSON** or **CSV** format\n * The filename has to be provided with corresponding extension (JSON or CSV)\n * Default value of UPDATE_TYPE is **OVERRIDE** \n * Default value of WS_URL is **saas.whitesourcesoftware.com**\n * Default value of LOAD is **True**\n```\n## CSV structure:\n###List of fields:\nname,downloadLocation,licenseConcluded,licenseInfoFromFiles,licenseDeclared,copyrightText,\nversionInfo,packageFileName,supplier,originator,sha1,homepage\n* Note:\n * The CSV file\u2019s first row (headers) should contain a list of fields.\n * **sha1** or pair **packageFileName** and **versionInfo** are mandatory fields\n * Other fields can be empty\n## Examples:\n```shell\n# Import data direct to Mend from JSON. A new project will be created in Mend.\nws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -p <NEW_PROJECT_NAME> -sbom </path/upload.json>\n\n# Import data direct to Mend from CSV. A new project will be created in Mend.\nws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -p <NEW_PROJECT_NAME> -sbom </path/upload.csv>\n\n# Create a Mend Offline Update Request file without direct upload to Mend. The input data is in JSON format.\nws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> -p <NEW_PROJECT_NAME> -l False -o </path/reports> -sbom </path/upload.json>\n\n# Import data direct to Mend. SBOM data will be appended to the specified project. The input data is in CSV format.\nws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -s <WS_PROJECT> -t APPEND -sbom </path/upload.csv>\n\n# Create a Mend Offline Update Request file without direct upload to Mend. SBOM data will be appended to the specified project. The input data is in JSON format.\nws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -s <WS_PROJECT> -t APPEND -l False - sbom </path/upload.json>\n\n# Create a Mend Offline Update Request file without direct ulpoad to Mend. The specific project will be overwritten by SBOM data. The input data is in JSON format.\nws_import_spdx -u <WS_USER_KEY> -k <WS_ORG_TOKEN> -pr <WS_PRODUCT_TOKEN> --o </path/reports> -s <WS_PROJECT> -l False -sbom </path/upload.json>\n```\n",
"bugtrack_url": null,
"license": "LICENSE.txt",
"summary": "Preparation upload file for Mend UI",
"version": "22.12.3.1",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"md5": "494fadfcb89429a4c34cf5be2fd5c1f3",
"sha256": "3b170a75adf52b2cc5682b88e47dabf118dc95a0bb6555c8e2156dec8d2239df"
},
"downloads": -1,
"filename": "ws_import_spdx-22.12.3.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "494fadfcb89429a4c34cf5be2fd5c1f3",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 14481,
"upload_time": "2022-12-18T10:54:33",
"upload_time_iso_8601": "2022-12-18T10:54:33.094892Z",
"url": "https://files.pythonhosted.org/packages/5f/8f/b74b289ec3cdfdb7166afc990226b455afa556fd87975a5a9d36dc33cc0b/ws_import_spdx-22.12.3.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-12-18 10:54:33",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "whitesource-ps",
"github_project": "ws-import-spdx",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "ws-sdk",
"specs": [
[
"==",
"22.8.4.2"
]
]
}
],
"lcname": "ws-import-spdx"
}