{ "info": { "author": "James Hochadel", "author_email": "james@carbonrelay.com", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: Apache Software License", "Operating System :: OS Independent", "Programming Language :: Python :: 3" ], "description": "# PyBOM\nGenerate a bill of materials and vulnerability information for your python projects.\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![PyPI version](https://badge.fury.io/py/pybom.svg)](https://badge.fury.io/py/pybom)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)\n\n## About\nPyBOM has two functions:\n1. Aggregate a python project's license, package, and vulnerability information in one place by leveraging the GitHub [dependency](https://developer.github.com/v4/previews/#access-to-a-repositories-dependency-graph) and [vulnerability](https://developer.github.com/v4/previews/#repository-vulnerability-alerts) APIs and [PyPI JSON API](https://warehouse.readthedocs.io/api-reference/json/).\n2. Report image vulnerability information for docker images pushed to a registry. (Currently in development; Google Container Registry will be the first supported.)\n\n## Getting Started\n### Installation\n```bash\npip install pybom\n```\n\n...or add `pybom` to your `requirements.txt` and run `pip install -r requirements.txt`.\n\n### Usage\n#### GitHub Personal Access Token\nPyBOM uses GitHub's v4 GraphQL API to get dependency and vulnerability information. To use the API, you must have a Personal Access Token (PAT).\n\nTo get a PAT:\n1. Navigate to the [Personal access tokens](https://github.com/settings/tokens) page in GitHub's Settings (Settings > Developer settings > Personal access tokens)\n1. Click **Generate new token**.\n1. Add a note explaining what the token is for, and under **Scopes**, select **Repo**.\n1. Click **Generate Token**.\n1. Copy the token. You won't be able to see it again.\n\nPyBOM reads the token from the `GITHUB_PERSONAL_ACCESS_TOKEN` environment variable. To set this variable for all bash sessions, include the following in your `.bash_profile` (on macOS):\n```bash\nexport GITHUB_PERSONAL_ACCESS_TOKEN=\n```\n...then `source ~/.bash_profile` in your current session to set the variable.\n\n#### Python BOM\nTo get a list of components in your Python project hosted in Github:\n(Note: You must have the Dependency Graph API turned on for this to work.)\n```python\nfrom pybom.repository import get_components\n\nrepo_name = \"pybom\"\nrepo_owner = \"carbonrelay\"\n\ncomponents = get_components(repo_name, repo_owner)\ntype(components) # \ntype(components[0]) # \n```\n\n#### Python Vulnerabilities\nTo get a list of vulnerabilities in your Python project hosted on Github:\n```python\nfrom pybom.repository import get_vulnerabilities\n\nrepo_name = \"pybom\"\nrepo_owner = \"carbonrelay\"\n\nvulnerabilities = get_vulnerabilities(repo_name, repo_owner)\ntype(vulnerabilities) # \ntype(vulnerabilities[0]) # \n```\n\n#### Image Vulnerabilities\nImage vulnerability reporting is not yet fully implemented. It will be finished in a future release.\n\n## Contributing\nPyBOM is developed and tested against Python 3.6. I recommend using `pyenv` to manage your python versions and `venv` to manage project dependencies.\n\nAfter cloning the repository:\n\n```bash\npython -m venv venv\n. venv/bin/activate\npip install -r requirements.txt\n\n# run tests with coverage report\n./coverage.sh\n```\n\nTo build the project wheels:\n```bash\n# adapted from https://packaging.python.org/tutorials/packaging-projects/\npip install --user --upgrade setuptools wheel\npython setup.py sdist bdist_wheel\n```\n\nIf you bump a requirement version in `requirements.txt`, freeze the new dependencies to `requirements-freeze.txt`:\n```bash\npip freeze > requirements-freeze.txt\n```\n\n## License\nThis project is licensed under the Apache license. See [LICENSE.md](LICENSE.md).\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/carbonrelay/pybom", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "pybom", "package_url": "https://pypi.org/project/pybom/", "platform": "", "project_url": "https://pypi.org/project/pybom/", "project_urls": { "Homepage": "https://github.com/carbonrelay/pybom" }, "release_url": "https://pypi.org/project/pybom/0.2.0/", "requires_dist": null, "requires_python": "", "summary": "Generate a bill of materials and vulnerability information for your python projects.", "version": "0.2.0" }, "last_serial": 5253685, "releases": { "0.2.0": [ { "comment_text": "", "digests": { "md5": "dece0b60255ba290f5bf54a0e8ab5ae8", "sha256": "e84a1b6d872b7317036bd2f2ce8c7ce524df4868b94d048d577f3af73515abf7" }, "downloads": -1, "filename": "pybom-0.2.0-py3-none-any.whl", "has_sig": false, "md5_digest": "dece0b60255ba290f5bf54a0e8ab5ae8", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 6897, "upload_time": "2019-05-10T19:21:39", "url": "https://files.pythonhosted.org/packages/a5/a8/c769551b5a1d164f16ac715de36d6a6420fc45ef622f8e931837c5a2b9e5/pybom-0.2.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "389640a0ef6b2b530ee42f81e0fe0585", "sha256": "9e31c55444fc48dc7d7e794b786fb0059222aecdee3c638885085e959aef6288" }, "downloads": -1, "filename": "pybom-0.2.0.tar.gz", "has_sig": false, "md5_digest": "389640a0ef6b2b530ee42f81e0fe0585", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 2827, "upload_time": "2019-05-10T19:21:40", "url": "https://files.pythonhosted.org/packages/f6/fd/8d176314e55d2621bfea974d568d07605163f1702d0c782bc62fb6f9ff7b/pybom-0.2.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "dece0b60255ba290f5bf54a0e8ab5ae8", "sha256": "e84a1b6d872b7317036bd2f2ce8c7ce524df4868b94d048d577f3af73515abf7" }, "downloads": -1, "filename": "pybom-0.2.0-py3-none-any.whl", "has_sig": false, "md5_digest": "dece0b60255ba290f5bf54a0e8ab5ae8", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 6897, "upload_time": "2019-05-10T19:21:39", "url": "https://files.pythonhosted.org/packages/a5/a8/c769551b5a1d164f16ac715de36d6a6420fc45ef622f8e931837c5a2b9e5/pybom-0.2.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "389640a0ef6b2b530ee42f81e0fe0585", "sha256": "9e31c55444fc48dc7d7e794b786fb0059222aecdee3c638885085e959aef6288" }, "downloads": -1, "filename": "pybom-0.2.0.tar.gz", "has_sig": false, "md5_digest": "389640a0ef6b2b530ee42f81e0fe0585", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 2827, "upload_time": "2019-05-10T19:21:40", "url": "https://files.pythonhosted.org/packages/f6/fd/8d176314e55d2621bfea974d568d07605163f1702d0c782bc62fb6f9ff7b/pybom-0.2.0.tar.gz" } ] }