https://github.com/cyclonedx/gh-python-generate-sbom
GitHub action to generate a CycloneDX SBOM for Python
bill-of-materials bom cyclonedx github-action owasp python python3 sbom sbom-generator software-bill-of-materials
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/cyclonedx/gh-python-generate-sbom
- Owner: CycloneDX
- License: apache-2.0
- Created: 2020-07-13T11:58:49.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-07-15T17:42:36.000Z (over 1 year ago)
- Last Synced: 2024-11-11T15:41:58.519Z (about 1 year ago)
- Topics: bill-of-materials, bom, cyclonedx, github-action, owasp, python, python3, sbom, sbom-generator, software-bill-of-materials
- Language: JavaScript
- Homepage:
- Size: 118 KB
- Stars: 13
- Watchers: 6
- Forks: 4
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
> [!NOTE]
> This GitHub Action is considered deprecated.
> Instead, you may use the underlying tool directly: [cyclonedx-bom](https://pypi.org/project/cyclonedx-bom/)
> ```yaml
> - name: Install SBOM tool
>   run: pipx install cyclonedx-bom
> - name: Create SBOM step
>   # see for usage: https://pypi.org/project/cyclonedx-bom/
>   run: cyclonedx-py --help
> ```
----
# GitHub action to generate a CycloneDX SBOM for Python
[CycloneDX website](https://cyclonedx.org/) | [Slack](https://cyclonedx.org/slack/invite) | [Mailing list](https://groups.io/g/CycloneDX) | [Twitter](https://twitter.com/CycloneDX_Spec)
## Inputs
### `input`
The path to a pip requirements file; default is "./requirements.txt".
Be sure to quote paths with spaces.
### `output`
Output filename; default is "./bom.xml".
Be sure to quote paths with spaces.
### `format`
Output format, one of "json" or "xml"; default is "xml".
## Example usage
```yaml
- name: Generate Python SBOM
  uses: CycloneDX/gh-python-generate-sbom@v2
  with:
    input: ./requirements.txt
    output: ./bom.json
    format: json
```
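The step above only shows the action itself. The following complete workflow is an added example, not part of this project's README: it checks out the repository, installs Python, runs the action with the three inputs documented above, and keeps the resulting `bom.json` with the build as a workflow artifact. The `actions/checkout`, `actions/setup-python` and `actions/upload-artifact` steps, the `sbom` job and artifact names, and the `master` branch trigger are assumptions for this example.

```yaml
# Added example workflow (not the project's own file).
# Assumed names: the job "sbom", the artifact "cyclonedx-sbom", the "master" branch.
name: sbom

on:
  push:
    branches: [master]

# Least privilege: generating the SBOM only needs to read the repository.
permissions:
  contents: read

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"

      # Inputs exactly as documented in the README above.
      - name: Generate Python SBOM
        uses: CycloneDX/gh-python-generate-sbom@v2
        with:
          input: ./requirements.txt
          output: ./bom.json
          format: json

      # Attach the SBOM to the run so it can be retrieved alongside the build.
      - name: Upload SBOM artifact
        uses: actions/upload-artifact@v4
        with:
          name: cyclonedx-sbom
          path: ./bom.json
```

The requirements file is the action's only input, so the SBOM describes what that file lists; exact version pins in `requirements.txt` give the most precise component list. Because the action is deprecated, the same workflow can swap the `uses:` step for the `pipx install cyclonedx-bom` steps shown in the note at the top of the README.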
----
## Internals
This GitHub action depends on `cyclonedx-bom>=1.4.0,<4`.
See [`cyclonedx-bom` on PyPI](https://pypi.org/project/cyclonedx-bom/).