{"id":22022330,"url":"https://github.com/sonatype-nexus-community/ossindex-python","last_synced_at":"2025-05-07T06:43:40.227Z","repository":{"id":43255848,"uuid":"405923171","full_name":"sonatype-nexus-community/ossindex-python","owner":"sonatype-nexus-community","description":"Python library for querying OSS Index","archived":false,"fork":false,"pushed_at":"2024-10-30T19:38:40.000Z","size":142,"stargazers_count":1,"open_issues_count":6,"forks_count":4,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-04-14T17:06:07.971Z","etag":null,"topics":["ossindex","software-composition-analysis","vulnerabilities"],"latest_commit_sha":null,"homepage":"https://ossindex-library.readthedocs.io/en/latest/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sonatype-nexus-community.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"docs/support.rst","governance":null,"roadmap":null,"authors":null}},"created_at":"2021-09-13T10:11:08.000Z","updated_at":"2024-10-15T15:26:38.000Z","dependencies_parsed_at":"2023-12-19T16:08:29.544Z","dependency_job_id":"9db9c9cc-f2aa-4c60-bdca-084d36b02de5","html_url":"https://github.com/sonatype-nexus-community/ossindex-python","commit_stats":{"total_commits":50,"total_committers":6,"mean_commits":8.333333333333334,"dds":0.28,"last_synced_commit":"552a93a7876a638932e95cc5287f2efd30bc830c"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype-nexus-community%2Fossindex-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype-nexus-community%
2Fossindex-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype-nexus-community%2Fossindex-python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype-nexus-community%2Fossindex-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sonatype-nexus-community","download_url":"https://codeload.github.com/sonatype-nexus-community/ossindex-python/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252831176,"owners_count":21810779,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ossindex","software-composition-analysis","vulnerabilities"],"created_at":"2024-11-30T06:20:02.703Z","updated_at":"2025-05-07T06:43:40.209Z","avatar_url":"https://github.com/sonatype-nexus-community.png","language":"Python","readme":"\u003c!--\n\n    Copyright 2022-Present Sonatype Inc.\n\n    Licensed under the Apache License, Version 2.0 (the \"License\");\n    you may not use this file except in compliance with the License.\n    You may obtain a copy of the License at\n\n        http://www.apache.org/licenses/LICENSE-2.0\n\n    Unless required by applicable law or agreed to in writing, software\n    distributed under the License is distributed on an \"AS IS\" BASIS,\n    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n    See the License for the specific language governing permissions and\n    limitations under the License.\n\n--\u003e\n\n# Python Library for querying OSS Index\n\n![GitHub Workflow 
Status](https://img.shields.io/github/actions/workflow/status/sonatype-nexus-community/ossindex-python/ci.yml?branch=main)\n![Python Version Support](https://img.shields.io/badge/python-3.6+-blue)\n![PyPI Version](https://img.shields.io/pypi/v/ossindex-lib?label=PyPI\u0026logo=pypi)\n[![Documentation](https://readthedocs.org/projects/ossindex-library/badge/?version=latest)](https://readthedocs.org/projects/ossindex-library)\n[![GitHub license](https://img.shields.io/github/license/sonatype-nexus-community/ossindex-python)](https://github.com/sonatype-nexus-community/ossindex-python/blob/main/LICENSE)\n[![GitHub issues](https://img.shields.io/github/issues/sonatype-nexus-community/ossindex-python)](https://github.com/sonatype-nexus-community/ossindex-python/issues)\n[![GitHub forks](https://img.shields.io/github/forks/sonatype-nexus-community/ossindex-python)](https://github.com/sonatype-nexus-community/ossindex-python/network)\n[![GitHub stars](https://img.shields.io/github/stars/sonatype-nexus-community/ossindex-python)](https://github.com/sonatype-nexus-community/ossindex-python/stargazers)\n\n----\n\nThis OSSIndex module for Python provides a common interface to querying the [OSS Index](https://ossindex.sonatype.org/).\n\nThis module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies\nand assess them for vulnerabilities against the OSS Index, perhaps you should check out \n[Jake](https://github.com/sonatype-nexus-community/jake).\n\nYou can of course use this library in your own applications.\n\n## Installation\n\nInstall from pypi.org as you would any other Python module:\n\n```\npip install ossindex-lib\n```\n\n## Usage\n\nFirst create an instance of `OssIndex`, optionally enabling local caching\n```\no = OssIndex()\n```\n\nThen supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask\nOSS Index about. 
If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake)\n(which uses this library), which will do all the hard work for you!\n\nAs a quick test, you could run:\n```\nfrom typing import List\n\nfrom ossindex.ossindex import OssIndex, PackageURL\nfrom ossindex.model import OssIndexComponent, Vulnerability\n\no = OssIndex()\nresults: List[OssIndexComponent] = o.get_component_report(packages=[\n    PackageURL.from_string(purl='pkg:pypi/pip@23.1.2')\n])\nfor r in results:\n    print(\"{}: {} known vulnerabilities\".format(r.coordinates, len(r.vulnerabilities)))\n    v: Vulnerability\n    for v in r.vulnerabilities:\n        print('    - {}'.format(str(v)))\n```\n\n... which would output something like ...\n```\npkg:pypi/pip@23.1.2: 1 known vulnerabilities\n    - \u003cVulnerability id=CVE-2018-20225, name=CVE-2018-20225, cvss_score=7.8\u003e\n```\n\n## Logging\n\nThis library sends log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as\nrequired through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html).\n\n## Todos\n\n1. Support authentication against OSS Index\n\n## Python Support\n\nWe endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/).\nHowever, some features may not be possible/present in older Python versions due to their lack of support.\n\n## Changelog\n\nSee our [CHANGELOG](./CHANGELOG.md).\n\n## The Fine Print\n\nRemember:\n\nIt is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source\ncommunity (read: you!)\n\n* Use this contribution at the risk tolerance that you have\n* Do NOT file Sonatype support tickets related to `ossindex-lib`\n* DO file issues here on GitHub, so that the community can pitch in\n\nPhew, that was easier than I thought. 
Last but not least of all - have fun!\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonatype-nexus-community%2Fossindex-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsonatype-nexus-community%2Fossindex-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonatype-nexus-community%2Fossindex-python/lists"}