ninoseki · ninoseki · Aug 20, 2022 · Aug 20, 2022 · Aug 20, 2022 · Aug 20, 2022
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -0,0 +1,11 @@
+# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.245.0/containers/ubuntu/.devcontainer/base.Dockerfile
+
+# [Choice] Ubuntu version (use ubuntu-22.04 or ubuntu-18.04 on local arm64/Apple Silicon): ubuntu-22.04, ubuntu-20.04, ubuntu-18.04
+ARG VARIANT="jammy"
+FROM mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}
+
+# [Optional] Uncomment this section to install additional OS packages.
+# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+#     && apt-get -y install --no-install-recommends <your-package-list-here>
+
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,23 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.0/containers/ubuntu
+{
+	"name": "Ubuntu",
+	"build": {
+		"dockerfile": "Dockerfile",
+		// Update 'VARIANT' to pick an Ubuntu version: jammy / ubuntu-22.04, focal / ubuntu-20.04, bionic /ubuntu-18.04
+		// Use ubuntu-22.04 or ubuntu-18.04 on local arm64/Apple Silicon.
+		"args": { "VARIANT": "ubuntu-22.04" }
+	},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "uname -a",
+
+	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "vscode",
+	"features": {
+		"python": "3.9"
+	}
+}
diff --git a/pycomponents/bom.py b/pycomponents/bom.py
@@ -4,6 +4,7 @@
 from cyclonedx.model import ExternalReference, ExternalReferenceType, Tool, XsUri
 from cyclonedx.model.bom import Bom, Property
 from cyclonedx.model.component import Component
+from loguru import logger
 
 from . import constants
 from .components import ComponentsFactory
@@ -47,9 +48,15 @@ def from_components(components: List[Component]) -> Bom:
 
     @staticmethod
     def from_process(process: psutil.Process) -> Bom:
+        logger.info(f"Inspecting PID:{process.pid}...")
+
         site_packages = get_site_packages(process)
         components = ComponentsFactory.from_site_packages(site_packages)
 
+        vulnerability_count = 0
+        for component in components:
+            vulnerability_count += len(component.get_vulnerabilities())
+
         bom = BOMFactory.from_components(components)
 
         service = ServiceFactory.from_process(process)
@@ -58,4 +65,8 @@ def from_process(process: psutil.Process) -> Bom:
 
         bom.services.add(service)
 
+        logger.info(
+            f"PID:{process.pid} has {len(components)} components and {vulnerability_count} vulnerabilities"
+        )
+
         return bom
diff --git a/pycomponents/vulnerability.py b/pycomponents/vulnerability.py
@@ -57,10 +57,6 @@ def from_osv_vuln(vuln: Vuln) -> Vulnerability:
 
     @staticmethod
     def from_component(component: Component) -> List[Vulnerability]:
-        from loguru import logger
-
-        logger.info(component.name)
-        logger.info(component.version)
         if component.version is None:
             return []
 
@@ -77,6 +73,4 @@ def from_component(component: Component) -> List[Vulnerability]:
             vulnerability.affects = [BomTarget(ref=component.bom_ref.value)]
             vulnerabilities.append(vulnerability)
 
-        logger.info(vulnerabilities)
-
         return vulnerabilities
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "py-sbom-components"
-version = "0.2.0"
+version = "0.2.1"
 description = "An experimental tool to generate CycloneDX BOM from running Python processes"
 authors = ["Manabu Niseki <manabu.niseki@gmail.com>"]
 packages = [

diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile