目录
master
分支1
标签0
+ 疑修
Web IDE
gmscofield
[BUG] fix a bug in function middleware2cdx
1年前2次提交
README.md

SIT

       _____ _____ _______ 
      / ____|_   _|__   __|
     | (___   | |    | |   
      \___ \  | |    | |   
      ____) |_| |_   | |   
     |_____/|_____|  |_|   
            

Usage:
  python -m SIT [-v] [--server] <subcommand> ...

Generate Software Bill of Materials (SBOM) for a software package.

Options:
  -v, --version  show program's version number and exit
  --server       Start SIT server mode

subcommands:
  <subcommand>
    generate     Generate SBOM for a software package
    merge        Merge SBOMs
    export       Export Sub-SBOM
    convert      Convert SBOM between different formats

Installation

We provide two ways for users to use SIT: deploying locally by installing all necessary libraries, or using Docker.

Deploy locally

We use poetry to manage dependencies. Make sure you have poetry installed.

pip install poetry

Clone the repository and install the dependencies.

git clone 
cd SIT
poetry install  # install dependencies
poetry shell  # activate the virtual environment
python3 -m SIT --help  # check if SIT is installed successfully

Deploy with Docker

Check the Docker installation guide to install Docker on your machine.

Pull the docker image of SIT.

docker pull gmscofield/sit:latest

Run the container.

docker run --rm -it -p 9020:9020 \
  -v $(pwd)/input:/input \
  gmscofield/sit [--server] <subcommand> ...

The --rm argument automatically removes the container after it stops.

Commands

Server Mode

To run SIT as a server, invoke SIT with --server argument. By default, it listens to port 9020.

python -m SIT --server

Generate Command

Generate an SBOM for the given Python package.

Usage:
  python -m SIT generate [options]

Options:
  -i <INPUT>, --input <INPUT>
                        Input path of software package, default is current path
  -o <OUTPUT>, --output <OUTPUT>
                        Output file path of SBOM, default is stdout
  --model <MODEL>       SBOM Model, choose from SPDX, CycloneDX, OSSBOM or middleware, default is middleware
  --env <ENVIRONMENT>   Running environment of software package, default is None

Examples

If you deploy SIT locally:

python -m SIT generate -i /input/project -o /output/sbom.json --model spdx --env /input/project/env

If you use SIT docker:

docker run --rm -v /localpath/input/project:/input -v /localpath/output:/output gmscofield/sit generate -i /input -o /output/sbom.json --model spdx --env /input/env

Merge Command

Merge two SBOMs.

Usage:
  python -m SIT merge [options]

Options:
  -i <INPUT> <INPUT>, --input <INPUT> <INPUT>
                        Input path of SBOMs to be merged, 2 SBOMs are required. The first one is the root SBOM and the second one is sub-
                        SBOM, currently only support json format
  -o <OUTPUT>, --output <OUTPUT>
                        Output file path of SBOM, default is stdout
  --model <MODEL>       SBOM Model, choose from SPDX, CycloneDX, OSSBOM or middleware, default is middleware

Examples

If you deploy SIT locally:

python -m SIT merge -i /input/sbom1.json /input/sbom2.json -o /output/sbom.json --model spdx

If you use SIT docker:

docker run --rm -v /localpath/input:/input -v /localpath/output:/output gmscofield/sit merge -i /input/sbom1.json /input/sbom2.json -o /output/sbom.json --model spdx

Export Command

Export a sub-SBOM from a given SBOM.

Usage:
  python -m SIT export [options]

Options:
  -i <INPUT>, --input <INPUT>
                        Path of SBOM file to be exported
  -o <OUTPUT>, --output <OUTPUT>
                        Output file path of SBOM, default is stdout
  --id <ID> [<ID> ...]  ID of the top-level Component to be exported
  --model <MODEL>       SBOM Model, choose from SPDX, CycloneDX, OSSBOM or middleware, default is middleware

Examples

If you deploy SIT locally:

python -m SIT export -i /input/sbom.json -o /output/sbom.json --id package-id --model spdx

If you use SIT docker:

docker run --rm -v /localpath/input:/input -v /localpath/output:/output gmscofield/sit export -i /input/sbom.json -o /output/sbom.json --id package-id --model spdx

Convert Command

Convert an SBOM between different SBOM formats.

Usage:
  python -m SIT convert [options]

Options:
  -i <INPUT>, --input <INPUT>
                        Input path of SBOM file to be converted
  -o <OUTPUT>, --output <OUTPUT>
                        Output file path of SBOM, default is stdout
  --model <MODEL>       SBOM Model, choose from SPDX, CycloneDX, OSSBOM or middleware, default is middleware

Examples

If you deploy SIT locally:

python -m SIT convert -i /input/sbom.json -o /output/sbom.json --model spdx

If you use SIT docker:

docker run --rm -v /localpath/input:/input -v /localpath/output:/output gmscofield/sit convert -i /input/sbom.json -o /output/sbom.json --model spdx
关于

SIT 是一款 SBOM 自动化生成工具,致力于解决当前主流工具在数据完整性、标准合规性及依赖关系准确性上的三大不足。通过采用增量构建技术、SBOM中间件与交叉验证机制,SIT 能够为 Python 软件包生成准确、合规、且内容完整的软件物料清单(SBOM)。

pythondockerfile
README.md
365.0 KB
邀请码
    Gitlink(确实开源)
  • 加入我们
  • 官网邮箱:gitlink@ccf.org.cn
    • QQ群
  • QQ群
    • 公众号
  • 公众号

版权所有:中国计算机学会技术支持:开源发展技术委员会
京ICP备13000930号-9 京公网安备 11010802032778号