Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent
4796d0e
commit 69e499c
Showing
1 changed file
with
62 additions
and
50 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
|
@@ -57,7 +57,7 @@ the following filename conventions. | |
| CycloneDX | JSON | .json | | ||
|
||
The `--output-file` option is used to control the destination of the output generated by the tool. The | ||
default is to report to the console, but it can also be stored in a file (specified using `--output-file` option). | ||
default is to report to the console, but it can also be stored in a JSON file (specified using `--output-file` option). | ||
|
||
The `--include-license` option is used to indicate if the text for the licenses is to be included in the output. | ||
|
||
|
@@ -70,99 +70,99 @@ SPDXVersion: SPDX-2.3 | |
DataLicense: CC0-1.0 | ||
SPDXID: SPDXRef-DOCUMENT | ||
DocumentName: Python-flask | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-flask-0d6084b4-1a7b-42f7-97e2-65bc4b109783 | ||
LicenseListVersion: 3.20 | ||
Creator: Tool: sbom4python-0.9.0 | ||
Created: 2023-03-31T11:01:17Z | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-flask-f95bd9a2-1442-4631-9b13-870422204ed4 | ||
LicenseListVersion: 3.21 | ||
Creator: Tool: sbom4python-0.10.0 | ||
Created: 2023-08-17T20:28:31Z | ||
CreatorComment: <text>This document has been automatically generated.</text> | ||
##### | ||
|
||
PackageName: flask | ||
SPDXID: SPDXRef-Package-1-flask | ||
PackageVersion: 2.2.2 | ||
PrimaryPackagePurpose: APPLICATION | ||
PackageSupplier: Person: Armin Ronacher ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/Flask/2.2.2 | ||
FilesAnalyzed: false | ||
PackageHomePage: https://palletsprojects.com/p/flask | ||
PackageLicenseDeclared: BSD-3-Clause | ||
PackageLicenseConcluded: BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: A simple framework for building complex web applications. | ||
PackageSummary: <text>A simple framework for building complex web applications.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:flask:2.2.2:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: click | ||
SPDXID: SPDXRef-Package-2-click | ||
PackageVersion: 8.0.3 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Armin Ronacher ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/click/8.0.3 | ||
FilesAnalyzed: false | ||
PackageHomePage: https://palletsprojects.com/p/click/ | ||
PackageLicenseDeclared: BSD-3-Clause | ||
PackageLicenseConcluded: BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: Composable command line interface toolkit | ||
PackageSummary: <text>Composable command line interface toolkit</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:click:8.0.3:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: itsdangerous | ||
SPDXID: SPDXRef-Package-3-itsdangerous | ||
PackageVersion: 2.1.2 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Armin Ronacher ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/itsdangerous/2.1.2 | ||
FilesAnalyzed: false | ||
PackageHomePage: https://palletsprojects.com/p/itsdangerous/ | ||
PackageLicenseDeclared: BSD-3-Clause | ||
PackageLicenseConcluded: BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: Safely pass data to untrusted environments and back. | ||
PackageSummary: <text>Safely pass data to untrusted environments and back.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:itsdangerous:2.1.2:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: jinja2 | ||
SPDXID: SPDXRef-Package-4-jinja2 | ||
PackageVersion: 3.0.2 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Armin Ronacher ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/Jinja2/3.0.2 | ||
FilesAnalyzed: false | ||
PackageHomePage: https://palletsprojects.com/p/jinja/ | ||
PackageLicenseDeclared: BSD-3-Clause | ||
PackageLicenseConcluded: BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: A very fast and expressive template engine. | ||
PackageSummary: <text>A very fast and expressive template engine.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.0.2:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: markupsafe | ||
SPDXID: SPDXRef-Package-5-markupsafe | ||
PackageVersion: 2.1.1 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Armin Ronacher ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.1 | ||
FilesAnalyzed: false | ||
PackageHomePage: https://palletsprojects.com/p/markupsafe/ | ||
PackageLicenseDeclared: BSD-3-Clause | ||
PackageLicenseConcluded: BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: Safely add untrusted strings to HTML/XML markup. | ||
PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.1:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: werkzeug | ||
SPDXID: SPDXRef-Package-6-werkzeug | ||
PackageVersion: 2.2.2 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Armin Ronacher ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/Werkzeug/2.2.2 | ||
FilesAnalyzed: false | ||
PackageHomePage: https://palletsprojects.com/p/werkzeug/ | ||
PackageLicenseDeclared: BSD-3-Clause | ||
PackageLicenseConcluded: BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: The comprehensive WSGI web application library. | ||
PackageSummary: <text>The comprehensive WSGI web application library.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:werkzeug:2.2.2:*:*:*:*:*:*:* | ||
##### | ||
|
@@ -181,44 +181,56 @@ The following commands will generate a summary of the contents of the SBOM to th | |
```bash | ||
sbom2doc --input flask.spdx | ||
|
||
╭──────────────╮ | ||
│ SBOM Summary │ | ||
╰──────────────╯ | ||
┏━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┓ | ||
┃ Item ┃ Details ┃ | ||
┡━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━┩ | ||
│ SBOM File │ /tmp/flask.spdx │ | ||
│ SBOM Type │ spdx │ | ||
│ Version │ SPDX-2.3 │ | ||
│ Name │ Python-flask │ | ||
│ Creator │ Tool:sbom4python-0.9.0 │ | ||
│ Created │ 2023-03-31T11:01:17Z │ | ||
│ Files │ 0 │ | ||
│ Packages │ 6 │ | ||
│ Relationships │ 7 │ | ||
└───────────────┴────────────────────────┘ | ||
┏━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ | ||
┃ Item ┃ Details ┃ | ||
┡━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ | ||
│ SBOM File │ /root/Downloads/flask.spdx │ | ||
│ SBOM Type │ spdx │ | ||
│ Version │ SPDX-2.3 │ | ||
│ Name │ Python-flask │ | ||
│ Creator │ Tool:sbom4python-0.10.0 │ | ||
│ Created │ 2023-08-17T20:28:31Z │ | ||
│ Files │ 0 │ | ||
│ Packages │ 6 │ | ||
│ Relationships │ 7 │ | ||
└───────────────┴────────────────────────────┘ | ||
╭─────────────────╮ | ||
│ Package Summary │ | ||
╰─────────────────╯ | ||
┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓ | ||
┃ Name ┃ Version ┃ Supplier ┃ License ┃ | ||
┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━┩ | ||
│ flask │ 2.2.2 │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ click │ 8.0.3 │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ itsdangerous │ 2.1.2 │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ jinja2 │ 3.0.2 │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ markupsafe │ 2.1.1 │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ werkzeug │ 2.2.2 │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
└──────────────┴─────────┴──────────────────────────────────────────────┴──────────────┘ | ||
┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┓ | ||
┃ Name ┃ Version ┃ Download ┃ Copyright ┃ | ||
┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━┩ | ||
│ flask │ 2.2.2 │ https://pypi.org/project/Flask/2.2.2 │ - │ | ||
│ click │ 8.0.3 │ https://pypi.org/project/click/8.0.3 │ - │ | ||
│ itsdangerous │ 2.1.2 │ https://pypi.org/project/itsdangerous/2.1.2 │ - │ | ||
│ jinja2 │ 3.0.2 │ https://pypi.org/project/Jinja2/3.0.2 │ - │ | ||
│ markupsafe │ 2.1.1 │ https://pypi.org/project/MarkupSafe/2.1.1 │ - │ | ||
│ werkzeug │ 2.2.2 │ https://pypi.org/project/Werkzeug/2.2.2 │ - │ | ||
└──────────────┴─────────┴─────────────────────────────────────────────┴───────────┘ | ||
┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓ | ||
┃ Name ┃ Version ┃ Type ┃ Supplier ┃ License ┃ | ||
┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━┩ | ||
│ flask │ 2.2.2 │ APPLICATION │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ click │ 8.0.3 │ LIBRARY │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ itsdangerous │ 2.1.2 │ LIBRARY │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ jinja2 │ 3.0.2 │ LIBRARY │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ markupsafe │ 2.1.1 │ LIBRARY │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
│ werkzeug │ 2.2.2 │ LIBRARY │ Armin Ronacher ([email protected]) │ BSD-3-Clause │ | ||
└──────────────┴─────────┴─────────────┴──────────────────────────────────────────────┴──────────────┘ | ||
|
||
|
||
┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┓ | ||
┃ Name ┃ Version ┃ Ecosystem ┃ Download ┃ Copyright ┃ | ||
┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━┩ | ||
│ flask │ 2.2.2 │ pypi │ https://pypi.org/project/Flask/2.2.2 │ NOASSERTION │ | ||
│ click │ 8.0.3 │ pypi │ https://pypi.org/project/click/8.0.3 │ NOASSERTION │ | ||
│ itsdangerous │ 2.1.2 │ pypi │ https://pypi.org/project/itsdangerous/2.1.2 │ NOASSERTION │ | ||
│ jinja2 │ 3.0.2 │ pypi │ https://pypi.org/project/Jinja2/3.0.2 │ NOASSERTION │ | ||
│ markupsafe │ 2.1.1 │ pypi │ https://pypi.org/project/MarkupSafe/2.1.1 │ NOASSERTION │ | ||
│ werkzeug │ 2.2.2 │ pypi │ https://pypi.org/project/Werkzeug/2.2.2 │ NOASSERTION │ | ||
└──────────────┴─────────┴───────────┴─────────────────────────────────────────────┴─────────────┘ | ||
╭────────────────────────╮ | ||
│ Component Type Summary │ | ||
╰────────────────────────╯ | ||
┏━━━━━━━━━━━━━┳━━━━━━━┓ | ||
┃ Type ┃ Count ┃ | ||
┡━━━━━━━━━━━━━╇━━━━━━━┩ | ||
│ APPLICATION │ 1 │ | ||
│ LIBRARY │ 5 │ | ||
└─────────────┴───────┘ | ||
╭─────────────────╮ | ||
│ License Summary │ | ||
╰─────────────────╯ | ||
|