This tool generates Software Bill of Materials (SBOM) documents in OWASP CycloneDX format.
Supported data sources are:
- Python (virtual) environment
- Poetry manifest and lockfile
- Pipenv manifest and lockfile
- Pip's requirements file format
- PDM manifest and lockfile support is not implemented yet. However, PDM's Python virtual environments are fully supported; see the usage docs for an example.
- Conda as a package manager is no longer supported since version 4. However, conda's Python environments are fully supported via the methods listed above; see the usage docs for an example.
Based on the criteria of the OWASP Software Component Verification Standard for Software Bills of Materials, this tool is capable of producing SBOM documents that almost pass Level-2 (only signing needs to be done externally).
The resulting SBOM documents follow the official specifications and standards, and may carry properties from the CycloneDX namespace taxonomies cdx:python, cdx:pipenv and cdx:poetry.
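As an added example (not part of this project's code), a consumer-side check over a constructed CycloneDX JSON document shaped like this tool's output: it records each component's purl, whether hashes are present (needed for downstream integrity verification), and the properties that fall under the cdx:python, cdx:pipenv and cdx:poetry namespaces. The property name used in the sample is an illustrative placeholder, not necessarily a real taxonomy key.

```python
import json
from collections import defaultdict

# Constructed sample: a minimal CycloneDX 1.5 JSON SBOM shaped like the output of
# an environment scan. The cdx:python property name is an illustrative placeholder.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {
            "type": "library",
            "name": "requests",
            "version": "2.31.0",
            "purl": "pkg:pypi/requests@2.31.0",
            "hashes": [{"alg": "SHA-256", "content": "00" * 32}],
            "properties": [
                {"name": "cdx:python:package:required-by", "value": "pkg:pypi/example@1.0"},
            ],
        },
        {
            "type": "library",
            "name": "urllib3",
            "version": "2.0.7",
            "purl": "pkg:pypi/urllib3@2.0.7",
        },
    ],
})

TAXONOMY_PREFIXES = ("cdx:python:", "cdx:pipenv:", "cdx:poetry:")


def summarize_sbom(sbom_json: str) -> dict:
    """Return {purl: {"hashes": bool, "properties": {namespace: {name: value}}}}
    for every component; raise ValueError if the document is not CycloneDX."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    summary = {}
    for comp in doc.get("components", []):
        key = comp.get("purl") or f'{comp["name"]}@{comp.get("version", "")}'
        props = defaultdict(dict)
        for p in comp.get("properties", []):
            name = p.get("name", "")
            ns = next((pre.rstrip(":") for pre in TAXONOMY_PREFIXES if name.startswith(pre)), None)
            if ns:
                props[ns][name] = p.get("value")
        summary[key] = {"hashes": bool(comp.get("hashes")), "properties": dict(props)}
    return summary


def components_without_hashes(sbom_json: str) -> list:
    """Components that cannot be integrity-checked downstream because hashes are absent."""
    return [k for k, v in summarize_sbom(sbom_json).items() if not v["hashes"]]
```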