{"id":15472259,"url":"https://github.com/sethmlarson/pip-sbom","last_synced_at":"2025-10-16T12:51:16.636Z","repository":{"id":182152949,"uuid":"667921552","full_name":"sethmlarson/pip-sbom","owner":"sethmlarson","description":"Generate Software Bill-of-Materials (SBOMs) for Python environments from distribution metadata","archived":false,"fork":false,"pushed_at":"2024-07-12T14:41:58.000Z","size":19,"stargazers_count":12,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-24T15:00:34.405Z","etag":null,"topics":["pip","python","sbom","software-bill-of-materials"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sethmlarson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-18T15:47:08.000Z","updated_at":"2025-02-13T16:01:48.000Z","dependencies_parsed_at":"2024-07-12T16:33:19.494Z","dependency_job_id":"112c7368-2e26-49de-81ec-961573af0420","html_url":"https://github.com/sethmlarson/pip-sbom","commit_stats":{"total_commits":4,"total_committers":2,"mean_commits":2.0,"dds":0.25,"last_synced_commit":"711fb7806c33c1dae5d8705433f27341defdbde2"},"previous_names":["sethmlarson/pip-sbom"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sethmlarson/pip-sbom","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethmlarson%2Fpip-sbom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethmlarson%2Fpip-sbom/tags","releases_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/sethmlarson%2Fpip-sbom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethmlarson%2Fpip-sbom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sethmlarson","download_url":"https://codeload.github.com/sethmlarson/pip-sbom/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethmlarson%2Fpip-sbom/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279193741,"owners_count":26123586,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-16T02:00:06.019Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pip","python","sbom","software-bill-of-materials"],"created_at":"2024-10-02T02:30:02.904Z","updated_at":"2025-10-16T12:51:16.585Z","avatar_url":"https://github.com/sethmlarson.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pip-sbom\n\nGenerate Software Bill-of-Materials (SBOMs) for Python environments from distribution metadata.\n\n\u003e **Warning**: This project is highly experimental and should not be used in production.\n\n## Usage\n\nThis tool requires packages to be installed with a PEP 710-compliant installer in order to provide\nthe complete set of fields in an SBOM like checksums, installation URLs, and external references.\n\nBy default 
pip-sbom will search for installed packages in the current Python installation. \n\n```shell\n$ python -m pip install git+https://github.com/sethmlarson/pip-sbom\n$ pip-sbom\n```\n\nThis will output a JSON SPDX document that looks like this:\n\n```json\n{\n    \"spdxVersion\": \"SPDX-2.3\",\n    \"documentNamespace\": \"UNSET\",\n    \"creationInfo\": {\n        \"creators\": [\n            \"Tool: pip-sbom/0.0.1a2 (DO-NOT-USE-IN-PRODUCTION)\"\n        ],\n        \"created\": \"2023-07-18T19:40:33.092083+00:00Z\",\n        \"licenseListVersion\": \"3.20\"\n    },\n    \"dataLicense\": \"CC0-1.0\",\n    \"SPDXID\": \"SPDXRef-DOCUMENT\",\n    \"name\": \"UNSET\",\n    \"packages\": [\n        {\n            \"SPDXID\": \"SPDXRef-Package-packaging-23.1\",\n            \"name\": \"packaging\",\n            \"downloadLocation\": \"https://files.pythonhosted.org/packages/ab/c3/57f0601a2d4fe15de7a553c00adbc901425661bf048f2a22dfc500caf121/packaging-23.1-py3-none-any.whl\",\n            \"versionInfo\": \"23.1\",\n            \"checksums\": [\n                {\n                    \"algorithm\": \"SHA256\",\n                    \"checksumValue\": \"994793af429502c4ea2ebf6bf664629d07c1a9fe974af92966e4b8d2df7edc61\"\n                }\n            ],\n            \"primaryPackagePurpose\": \"LIBRARY\",\n            \"externalRefs\": [\n                {\n                    \"referenceCategory\": \"PACKAGE-MANAGER\",\n                    \"referenceType\": \"purl\",\n                    \"referenceLocator\": \"pkg:pypi/packaging@23.1\"\n                }\n            ]\n        },\n        ...\n    ]\n}\n```\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethmlarson%2Fpip-sbom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsethmlarson%2Fpip-sbom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethmlarson%2Fpip-sbom/lists"}