{"id":15007088,"url":"https://github.com/morpheuslord/startup-sbom","last_synced_at":"2025-10-04T06:30:27.882Z","repository":{"id":232655011,"uuid":"779994942","full_name":"morpheuslord/Startup-SBOM","owner":"morpheuslord","description":"A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with executables, service and versions.","archived":false,"fork":false,"pushed_at":"2025-01-13T17:53:58.000Z","size":2388,"stargazers_count":16,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-18T07:53:12.411Z","etag":null,"topics":["apt-packages","cyclonedx","linux","linux-app","package-resolver","reverse-engineering","rpm-packa","sbom","sbom-tool","startup","startup-script"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/morpheuslord.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-31T11:53:02.000Z","updated_at":"2025-01-13T17:54:02.000Z","dependencies_parsed_at":"2024-12-06T16:54:08.542Z","dependency_job_id":"1408cdb3-ff58-432d-b9f0-623a08476b5c","html_url":"https://github.com/morpheuslord/Startup-SBOM","commit_stats":null,"previous_names":["morpheuslord/startup-sbom"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morpheuslord%2FStartup-SBOM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morpheuslord%2FStartup-SBOM/tags","releases_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morpheuslord%2FStartup-SBOM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morpheuslord%2FStartup-SBOM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/morpheuslord","download_url":"https://codeload.github.com/morpheuslord/Startup-SBOM/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235222537,"owners_count":18955329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apt-packages","cyclonedx","linux","linux-app","package-resolver","reverse-engineering","rpm-packa","sbom","sbom-tool","startup","startup-script"],"created_at":"2024-09-24T19:03:17.312Z","updated_at":"2025-10-04T06:30:22.532Z","avatar_url":"https://github.com/morpheuslord.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Startup-SBOM\r\n\r\nThis is a simple SBOM utility which aims to provide an insider view on which packages are getting executed.\r\n\r\nThe process and objective are simple: we can get a clear view of the packages installed by APT (*currently working on implementing this for RPM and other package managers*). 
This is mainly needed to check which packages are actually being executed.\r\n\r\n## Installation\r\nThe packages needed are mentioned in the `requirements.txt` file and can be installed using pip:\r\n```bash\r\npip3 install -r requirements.txt\r\n```\r\n\r\n## Usage\r\n- First of all, install the packages.\r\n- Secondly, you need to set up environment variables such as:\r\n    - `Mount the image:` Currently I am still working on a mechanism to automatically define a mount point and mount different types of images and volumes, but it's still quite a task for me.\r\n- Finally, run the tool to list all the packages.\r\n\r\n\r\n| Argument          | Description                                                                                                      |\r\n|-------------------|------------------------------------------------------------------------------------------------------------------|\r\n| `--analysis-mode` | Specifies the mode of operation. Default is `static`. Choices are `static` and `chroot`.                         |\r\n| `--static-type`   | Specifies the type of analysis for static mode. Required for static mode only. Choices are `info` and `service`. |\r\n| `--volume-path`   | Specifies the path to the mounted volume. Default is `/mnt`.                                                     |\r\n| `--save-file`     | Specifies the output file for JSON output.                                                                       |\r\n| `--info-graphic`  | Specifies whether to generate visual plots for CHROOT analysis. Default is `True`.                               |\r\n| `--pkg-mgr`       | Manually specify the package manager, or omit this option for an automatic check.                                
|\r\n\r\n**APT:**\r\n- *Static Info Analysis:*\r\n    - This command runs the program in static analysis mode, specifically using the Info Directory analysis method.\r\n    - It analyzes the packages installed on the mounted volume located at `/mnt`.\r\n    - It saves the output in a JSON file named `output.json`.\r\n    - It generates visual plots for CHROOT analysis.\r\n\r\n    ```bash\r\n    python3 main.py --pkg-mgr apt --analysis-mode static --static-type info --volume-path /mnt --save-file output.json\r\n    ```\r\n- *Static Service Analysis:*\r\n\r\n   - This command runs the program in static analysis mode, specifically using the Service file analysis method.\r\n   - It analyzes the packages installed on the mounted volume located at `/custom_mount`.\r\n   - It saves the output in a JSON file named `output.json`.\r\n   - It does not generate visual plots for CHROOT analysis.\r\n    ```bash\r\n    python3 main.py --pkg-mgr apt --analysis-mode static --static-type service --volume-path /custom_mount --save-file output.json --info-graphic False\r\n    ```\r\n\r\n- *Chroot analysis with or without Graphic output:*\r\n   - This command runs the program in chroot analysis mode.\r\n   - It analyzes the packages installed on the mounted volume located at `/mnt`.\r\n   - It saves the output in a JSON file named `output.json`.\r\n   - It generates visual plots for CHROOT analysis.\r\n   - For graphical output, keep `--info-graphic` as `True`; otherwise set it to `False`.\r\n    ```bash\r\n    python3 main.py --pkg-mgr apt --analysis-mode chroot --volume-path /mnt --save-file output.json --info-graphic True/False\r\n    ```\r\n\r\n**RPM:**\r\n- *Static Analysis:*\r\n    - Similar to how it's done on apt, but there is only one type of static scan available for now.\r\n    ```bash\r\n    python3 main.py --pkg-mgr rpm --analysis-mode static --volume-path /mnt --save-file output.json\r\n    ```\r\n\r\n- *Chroot analysis with or without Graphic output:*\r\n   - Exactly how it's done on apt.\r\n    
```bash\r\n    python3 main.py --pkg-mgr rpm --analysis-mode chroot --volume-path /mnt --save-file output.json --info-graphic True/False\r\n    ```\r\n\r\n## Supporting Images\r\nCurrently the tool works on Debian and Red Hat based images. I can guarantee the Debian outputs, but the Red Hat ones still need work; it's not perfect.\r\n\r\nI am working on the pacman side of things; I am trying to find a reliable way of accessing the pacman db for static analysis.\r\n\r\n## Graphical Output Images (Chroot)\r\n### APT Chroot\r\n![apt](./Docs/sample_output_images/apt.png)\r\n\r\n### RPM Chroot\r\n![rpm](./Docs/sample_output_images/rpm.png)\r\n\r\n## Inner Workings\r\nFor the workings and process related documentation please read the wiki page: [Link](https://github.com/morpheuslord/Startup-SBOM/wiki)\r\n\r\n\r\n## TODO\r\n- [x] Support for RPM\r\n- [x] Support for APT\r\n- [x] Support for Chroot Analysis\r\n- [x] Support for Versions\r\n- [x] Support for Chroot Graphical output\r\n- [x] Support for organized graphical output\r\n- [ ] Support for Pacman\r\n\r\n\r\n## Ideas and Discussions\r\nIdeas regarding this topic are welcome in the discussions page.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorpheuslord%2Fstartup-sbom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmorpheuslord%2Fstartup-sbom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorpheuslord%2Fstartup-sbom/lists"}