{"id":18638508,"url":"https://github.com/anthonyharrison/sbom2doc","last_synced_at":"2025-08-21T02:31:43.123Z","repository":{"id":65626772,"uuid":"595197776","full_name":"anthonyharrison/sbom2doc","owner":"anthonyharrison","description":"Transform SBOM contents into a formatted document including markdown and PDF formats","archived":false,"fork":false,"pushed_at":"2024-08-29T19:43:37.000Z","size":48,"stargazers_count":19,"open_issues_count":2,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-08T23:02:02.856Z","etag":null,"topics":["cyclonedx","devsecops","markdown-generator","pdf-generation","sbom","sbom-tool","spdx"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anthonyharrison.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["anthonyharrison"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2023-01-30T15:47:32.000Z","updated_at":"2024-12-07T06:43:18.000Z","dependencies_parsed_at":"2024-08-12T21:30:14.577Z","dependency_job_id":"7f6c145b-b6d5-4f2a-9726-96be4d4564e7","html_url":"https://github.com/anthonyharrison/sbom2doc","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonyharrison%2Fsbom2doc","ta
gs_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonyharrison%2Fsbom2doc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonyharrison%2Fsbom2doc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonyharrison%2Fsbom2doc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anthonyharrison","download_url":"https://codeload.github.com/anthonyharrison/sbom2doc/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230479865,"owners_count":18232630,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyclonedx","devsecops","markdown-generator","pdf-generation","sbom","sbom-tool","spdx"],"created_at":"2024-11-07T05:42:12.079Z","updated_at":"2024-12-19T18:17:17.179Z","avatar_url":"https://github.com/anthonyharrison.png","language":"Python","funding_links":["https://github.com/sponsors/anthonyharrison"],"categories":[],"sub_categories":[],"readme":"# SBOM2DOC\n\nSBOM2DOC documents and summarises the components within an SBOM (Software Bill of Materials). SBOMs are supported in a number of formats including\n[SPDX](https://www.spdx.org) and [CycloneDX](https://www.cyclonedx.org).\n\n## Installation\n\nTo install, use the following command:\n\n`pip install sbom2doc`\n\nAlternatively, just clone the repo and install the dependencies using the following command:\n\n`pip install -U -r requirements.txt`\n\nThe tool requires Python 3 (3.7+). 
It is recommended to use a virtual Python environment, especially\nif you are using different versions of Python. `virtualenv` is a tool for setting up virtual Python environments which\nallows you to have all the dependencies for the tool set up in a single environment, or have different environments set\nup for testing using different versions of Python.\n\n## Usage\n\n```\nusage: sbom2doc [-h] [-i INPUT_FILE] [--debug] [--include-license] [-f {console,excel,html,json,markdown,pdf}] [-o OUTPUT_FILE] [-V]\n\nSBOM2doc generates documentation for a SBOM.\n\noptions:\n  -h, --help            show this help message and exit\n  -V, --version         show program's version number and exit\n\nInput:\n  -i INPUT_FILE, --input-file INPUT_FILE\n                        Name of SBOM file\n\nOutput:\n  --debug               add debug information\n  --include-license     add license text\n  -f {console,excel,html,json,markdown,pdf}, --format {console,excel,html,json,markdown,pdf}\n                        Output format (default: output to console)\n  -o OUTPUT_FILE, --output-file OUTPUT_FILE\n                        output filename (default: output to stdout)\n```\n\n## Operation\n\nThe `--input-file` option is used to specify the SBOM to be processed. The format of the SBOM is determined according to\nthe following filename conventions.\n\n| SBOM      | Format    | Filename extension |\n| --------- | --------- | ------------------ |\n| SPDX      | TagValue  | .spdx              |\n| SPDX      | JSON      | .spdx.json         |\n| SPDX      | YAML      | .spdx.yaml         |\n| SPDX      | YAML      | .spdx.yml          |\n| CycloneDX | JSON      | .json              |\n\nThe `--output-file` option is used to control the destination of the output generated by the tool. 
The\ndefault is to report to the console, but it can also be stored in a file (specified using the `--output-file` option).\n\nSelecting the `html` format option will create an HTML body document which uses the [Bootstrap](https://getbootstrap.com/) framework.\n\nThe `--include-license` option is used to indicate if the text for the licenses is to be included in the output.\n\n## Example\n\nGiven the following SBOM (flask.spdx):\n\n```\nSPDXVersion: SPDX-2.3\nDataLicense: CC0-1.0\nSPDXID: SPDXRef-DOCUMENT\nDocumentName: Python-flask\nDocumentNamespace: http://spdx.org/spdxdocs/Python-flask-f95bd9a2-1442-4631-9b13-870422204ed4\nLicenseListVersion: 3.21\nCreator: Tool: sbom4python-0.10.0\nCreated: 2023-08-17T20:28:31Z\nCreatorComment: \u003ctext\u003eThis document has been automatically generated.\u003c/text\u003e\n##### \n\nPackageName: flask\nSPDXID: SPDXRef-Package-1-flask\nPackageVersion: 2.2.2\nPrimaryPackagePurpose: APPLICATION\nPackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)\nPackageDownloadLocation: https://pypi.org/project/Flask/2.2.2\nFilesAnalyzed: false\nPackageLicenseDeclared: BSD-3-Clause\nPackageLicenseConcluded: BSD-3-Clause\nPackageCopyrightText: NOASSERTION\nPackageSummary: \u003ctext\u003eA simple framework for building complex web applications.\u003c/text\u003e\nExternalRef: PACKAGE-MANAGER purl pkg:pypi/flask@2.2.2\nExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:flask:2.2.2:*:*:*:*:*:*:*\n##### \n\nPackageName: click\nSPDXID: SPDXRef-Package-2-click\nPackageVersion: 8.0.3\nPrimaryPackagePurpose: LIBRARY\nPackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)\nPackageDownloadLocation: https://pypi.org/project/click/8.0.3\nFilesAnalyzed: false\nPackageLicenseDeclared: BSD-3-Clause\nPackageLicenseConcluded: BSD-3-Clause\nPackageCopyrightText: NOASSERTION\nPackageSummary: \u003ctext\u003eComposable command line interface toolkit\u003c/text\u003e\nExternalRef: PACKAGE-MANAGER purl 
pkg:pypi/click@8.0.3\nExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:click:8.0.3:*:*:*:*:*:*:*\n##### \n\nPackageName: itsdangerous\nSPDXID: SPDXRef-Package-3-itsdangerous\nPackageVersion: 2.1.2\nPrimaryPackagePurpose: LIBRARY\nPackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)\nPackageDownloadLocation: https://pypi.org/project/itsdangerous/2.1.2\nFilesAnalyzed: false\nPackageLicenseDeclared: BSD-3-Clause\nPackageLicenseConcluded: BSD-3-Clause\nPackageCopyrightText: NOASSERTION\nPackageSummary: \u003ctext\u003eSafely pass data to untrusted environments and back.\u003c/text\u003e\nExternalRef: PACKAGE-MANAGER purl pkg:pypi/itsdangerous@2.1.2\nExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:itsdangerous:2.1.2:*:*:*:*:*:*:*\n##### \n\nPackageName: jinja2\nSPDXID: SPDXRef-Package-4-jinja2\nPackageVersion: 3.0.2\nPrimaryPackagePurpose: LIBRARY\nPackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)\nPackageDownloadLocation: https://pypi.org/project/Jinja2/3.0.2\nFilesAnalyzed: false\nPackageLicenseDeclared: BSD-3-Clause\nPackageLicenseConcluded: BSD-3-Clause\nPackageCopyrightText: NOASSERTION\nPackageSummary: \u003ctext\u003eA very fast and expressive template engine.\u003c/text\u003e\nExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.0.2\nExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.0.2:*:*:*:*:*:*:*\n##### \n\nPackageName: markupsafe\nSPDXID: SPDXRef-Package-5-markupsafe\nPackageVersion: 2.1.1\nPrimaryPackagePurpose: LIBRARY\nPackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)\nPackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.1\nFilesAnalyzed: false\nPackageLicenseDeclared: BSD-3-Clause\nPackageLicenseConcluded: BSD-3-Clause\nPackageCopyrightText: NOASSERTION\nPackageSummary: \u003ctext\u003eSafely add untrusted strings to HTML/XML markup.\u003c/text\u003e\nExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.1\nExternalRef: SECURITY cpe23Type 
cpe:2.3:a:armin_ronacher:markupsafe:2.1.1:*:*:*:*:*:*:*\n##### \n\nPackageName: werkzeug\nSPDXID: SPDXRef-Package-6-werkzeug\nPackageVersion: 2.2.2\nPrimaryPackagePurpose: LIBRARY\nPackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)\nPackageDownloadLocation: https://pypi.org/project/Werkzeug/2.2.2\nFilesAnalyzed: false\nPackageLicenseDeclared: BSD-3-Clause\nPackageLicenseConcluded: BSD-3-Clause\nPackageCopyrightText: NOASSERTION\nPackageSummary: \u003ctext\u003eThe comprehensive WSGI web application library.\u003c/text\u003e\nExternalRef: PACKAGE-MANAGER purl pkg:pypi/werkzeug@2.2.2\nExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:werkzeug:2.2.2:*:*:*:*:*:*:*\n##### \n\nRelationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-flask\nRelationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-2-click\nRelationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-3-itsdangerous\nRelationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-4-jinja2\nRelationship: SPDXRef-Package-1-flask DEPENDS_ON SPDXRef-Package-6-werkzeug\nRelationship: SPDXRef-Package-4-jinja2 DEPENDS_ON SPDXRef-Package-5-markupsafe\nRelationship: SPDXRef-Package-6-werkzeug DEPENDS_ON SPDXRef-Package-5-markupsafe\n```\n\nThe following commands will generate a summary of the contents of the SBOM to the console.\n\n```bash\nsbom2doc --input flask.spdx \n\n╭──────────────╮\n│ SBOM Summary │\n╰──────────────╯\n┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓\n┃ Item            ┃ Details                                                           ┃\n┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩\n│ SBOM File       │ flask.spdx                                                        │\n│ SBOM Type       │ spdx                                                              │\n│ Version         │ SPDX-2.3                                                          │\n│ Name            │ 
Python-flask                                                      │\n│ Creator         │ Tool:sbom4python-0.10.0                                           │\n│ Created         │ 2023-08-17T20:28:31Z                                              │\n│ Files           │ 0                                                                 │\n│ Packages        │ 6                                                                 │\n│ Relationships   │ 7                                                                 │\n│ Services        │ 0                                                                 │\n│ Vulnerabilities │ 0                                                                 │\n└─────────────────┴───────────────────────────────────────────────────────────────────┘\n╭─────────────────╮\n│ Package Summary │\n╰─────────────────╯\n┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓\n┃ Name         ┃ Version ┃ Type        ┃ Supplier                                     ┃ License      ┃\n┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━┩\n│ flask        │ 2.2.2   │ APPLICATION │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │\n│ click        │ 8.0.3   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │\n│ itsdangerous │ 2.1.2   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │\n│ jinja2       │ 3.0.2   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │\n│ markupsafe   │ 2.1.1   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │\n│ werkzeug     │ 2.2.2   │ LIBRARY     │ Armin Ronacher (armin.ronacher@active-4.com) │ BSD-3-Clause │\n└──────────────┴─────────┴─────────────┴──────────────────────────────────────────────┴──────────────┘\n\n\n┏━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┓\n┃ Name      
   ┃ Version ┃ Ecosystem ┃ Download                                    ┃ Copyright   ┃\n┡━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━┩\n│ flask        │ 2.2.2   │ pypi      │ https://pypi.org/project/Flask/2.2.2        │ NOASSERTION │\n│ click        │ 8.0.3   │ pypi      │ https://pypi.org/project/click/8.0.3        │ NOASSERTION │\n│ itsdangerous │ 2.1.2   │ pypi      │ https://pypi.org/project/itsdangerous/2.1.2 │ NOASSERTION │\n│ jinja2       │ 3.0.2   │ pypi      │ https://pypi.org/project/Jinja2/3.0.2       │ NOASSERTION │\n│ markupsafe   │ 2.1.1   │ pypi      │ https://pypi.org/project/MarkupSafe/2.1.1   │ NOASSERTION │\n│ werkzeug     │ 2.2.2   │ pypi      │ https://pypi.org/project/Werkzeug/2.2.2     │ NOASSERTION │\n└──────────────┴─────────┴───────────┴─────────────────────────────────────────────┴─────────────┘\n\n\n┏━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓\n┃ Name         ┃ PURL                        ┃ CPE                                                       ┃\n┡━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩\n│ flask        │ pkg:pypi/flask@2.2.2        │ cpe:2.3:a:armin_ronacher:flask:2.2.2:*:*:*:*:*:*:*        │\n│ click        │ pkg:pypi/click@8.0.3        │ cpe:2.3:a:armin_ronacher:click:8.0.3:*:*:*:*:*:*:*        │\n│ itsdangerous │ pkg:pypi/itsdangerous@2.1.2 │ cpe:2.3:a:armin_ronacher:itsdangerous:2.1.2:*:*:*:*:*:*:* │\n│ jinja2       │ pkg:pypi/jinja2@3.0.2       │ cpe:2.3:a:armin_ronacher:jinja2:3.0.2:*:*:*:*:*:*:*       │\n│ markupsafe   │ pkg:pypi/markupsafe@2.1.1   │ cpe:2.3:a:armin_ronacher:markupsafe:2.1.1:*:*:*:*:*:*:*   │\n│ werkzeug     │ pkg:pypi/werkzeug@2.2.2     │ cpe:2.3:a:armin_ronacher:werkzeug:2.2.2:*:*:*:*:*:*:*     
│\n└──────────────┴─────────────────────────────┴───────────────────────────────────────────────────────────┘\n╭────────────────────────╮\n│ Component Type Summary │\n╰────────────────────────╯\n┏━━━━━━━━━━━━━┳━━━━━━━┓\n┃ Type        ┃ Count ┃\n┡━━━━━━━━━━━━━╇━━━━━━━┩\n│ APPLICATION │ 1     │\n│ LIBRARY     │ 5     │\n└─────────────┴───────┘\n╭─────────────────╮\n│ License Summary │\n╰─────────────────╯\n┏━━━━━━━━━━━━━━┳━━━━━━━┓\n┃ License      ┃ Count ┃\n┡━━━━━━━━━━━━━━╇━━━━━━━┩\n│ BSD-3-Clause │ 6     │\n└──────────────┴───────┘\n╭──────────────────╮\n│ Supplier Summary │\n╰──────────────────╯\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━┓\n┃ Supplier                                     ┃ Count ┃\n┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━┩\n│ Armin Ronacher (armin.ronacher@active-4.com) │ 6     │\n└──────────────────────────────────────────────┴───────┘\n╭──────────────╮\n│ NTIA Summary │\n╰──────────────╯\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━┓\n┃ Element                            ┃ Status ┃\n┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━┩\n│ All file information provided?     │ True   │\n│ All package information provided?  │ True   │\n│ Creator identified?                │ True   │\n│ Creation time identified?          │ True   │\n│ Dependency relationships provided? 
│ True   │\n└────────────────────────────────────┴────────┘\n\nNTIA conformant True\n```\n\n## Licence\n\nLicenced under the Apache 2.0 Licence.\n\n## Limitations\n\nThe tool has the following limitations:\n\n- SBOMs in RDF (SPDX) and XML (SPDX and CycloneDX) formats are not supported.\n\n- Invalid SBOMs will produce unpredictable results.\n\n## Feedback and Contributions\n\nBugs and feature requests can be made via GitHub Issues.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanthonyharrison%2Fsbom2doc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanthonyharrison%2Fsbom2doc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanthonyharrison%2Fsbom2doc/lists"}