{"id":20099059,"url":"https://github.com/spack/spack-sbom","last_synced_at":"2025-07-17T16:37:25.402Z","repository":{"id":76702528,"uuid":"432875421","full_name":"spack/spack-sbom","owner":"spack","description":"Generate a software bill of materials (SBOM) for a spack package","archived":false,"fork":false,"pushed_at":"2021-11-30T00:40:25.000Z","size":16,"stargazers_count":3,"open_issues_count":3,"forks_count":3,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-21T00:28:59.118Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-29T02:01:32.000Z","updated_at":"2025-01-19T01:43:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"8dd454b5-239d-46b1-84a8-8df81804b076","html_url":"https://github.com/spack/spack-sbom","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/spack/spack-sbom","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Fspack-sbom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Fspack-sbom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Fspack-sbom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Fspack-sbom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spack","download_url":"https://codeload.github.com/spack/spack
-sbom/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Fspack-sbom/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265630602,"owners_count":23801631,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T17:07:58.433Z","updated_at":"2025-07-17T16:37:25.394Z","avatar_url":"https://github.com/spack.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Spack SBOM\n\nA dummy example of generating a Software Bill of Materials ([SBOM](https://www.ntia.gov/SBOM)) for a spack package.\n\n## Usage\n\nMake sure that spack is on your path, and then do:\n\n```bash\n$ spack python spack-sbom.py zlib\n```\n```\n{\n    \"bomFormat\": \"CycloneDX\",\n    \"specVersion\": \"1.3\",\n    \"serialNumber\": \"urn:uuid:2dbecd32-b9bf-4679-bacd-87efba4ef557\",\n    \"version\": 1,\n    \"metadata\": {\n        \"timestamp\": \"2021-11-28T18:56:11Z\",\n        \"tools\": [\n            {\n                \"vendor\": \"Lawrence Livermore National Lab\",\n                \"name\": \"Spack\",\n                \"version\": \"0.16.0-3994-d9ea572a4b\"\n            }\n        ],\n        \"authors\": [\n            {\n                \"name\": \"@vsoch\",\n                \"email\": \"vsoch@users.noreply.github.com\"\n            }\n        ],\n        \"component\": {\n            \"type\": \"lib\",\n            \"scope\": \"required\",\n            \"name\": \"zlib\",\n            \"mime-type\": \"application/vnd.spack.package\",\n            
\"group\": \"spack.io\",\n            \"version\": \"1.2.11\",\n            \"bom-ref\": \"zlib@1.2.11%gcc@9.3.0+optimize+pic+shared arch=linux-ubuntu20.04-skylake\",\n            \"description\": \"A free, general-purpose, legally unencumbered lossless data-compression\\nlibrary.\\n\",\n            \"hashes\": [\n                {\n                    \"alg\": \"SHA-256\",\n                    \"cotent\": \"c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1\"\n                }\n            ],\n            \"externalReferences\": [\n                {\n                    \"type\": \"website\",\n                    \"url\": \"https://zlib.net/fossils/zlib-1.2.11.tar.gz\"\n                }\n            ],\n            \"properties\": {\n                \"spack:build_hash\": \"3kmnsdv36qxm3slmcyrb326gkghsp6px\",\n                \"spack:dag_hash\": \"3kmnsdv36qxm3slmcyrb326gkghsp6px\",\n                \"spack:spec\": \"zlib@1.2.11%gcc@9.3.0+optimize+pic+shared arch=linux-ubuntu20.04-skylake\",\n                \"spack:build_spec\": \"zlib@1.2.11%gcc@9.3.0+optimize+pic+shared arch=linux-ubuntu20.04-skylake\",\n                \"spack:architecture\": \"linux-ubuntu20.04-skylake\",\n                \"spack:variants\": \"+optimize+pic+shared\",\n                \"spack:compiler\": \"gcc@9.3.0\"\n            }\n        },\n        \"licenses\": [\n            {\n                \"license\": {\n                    \"name\": \"MIT\"\n                }\n            },\n            {\n                \"license\": {\n                    \"name\": \"Apache-2.0\"\n                }\n            }\n        ]\n    },\n    \"externalReferences\": [\n        {\n            \"type\": \"website\",\n            \"url\": \"https://github.com/spack/spack\"\n        },\n        {\n            \"type\": \"website\",\n            \"url\": \"https://spack.github.io/packages\"\n        }\n    ]\n}\n\n```\n\nA few [examples](examples) are provided, each generated as 
follows:\n\n```bash\n$ spack python spack-sbom.py zlib \u003e examples/zlib.json\n```\n\nAnd that's it! If you have any feedback, please [open an issue](https://github.com/spack/spack-sbom/issues).\nIt's not clear if this will ever be desired by the spack community (and if so, when), so in the meantime it can\nlive here as a little spack script that is fairly easy to use if you need it. Please open an issue to discuss\nor suggest changes!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspack%2Fspack-sbom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspack%2Fspack-sbom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspack%2Fspack-sbom/lists"}