Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nightlark/anchore-syft-wheel

Python wheels for installing Anchore's Syft tool for generating a Software Bill of Materials
https://github.com/nightlark/anchore-syft-wheel

pypi-package python sbom sbom-generator software-bill-of-materials syft

Last synced: 3 days ago
JSON representation

Python wheels for installing Anchore's Syft tool for generating a Software Bill of Materials

Host: GitHub
URL: https://github.com/nightlark/anchore-syft-wheel
Owner: nightlark
License: apache-2.0
Created: 2023-03-14T02:32:24.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-10-29T00:25:49.000Z (17 days ago)
Last Synced: 2024-10-29T01:24:50.411Z (17 days ago)
Topics: pypi-package, python, sbom, sbom-generator, software-bill-of-materials, syft
Language: Python
Homepage:
Size: 70.3 KB
Stars: 1
Watchers: 2
Forks: 1
Open Issues: 20
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Syft Python Distributions

=========================

[![PyPI](https://img.shields.io/pypi/v/anchore-syft.svg)](https://pypi.org/project/anchore-syft)

A project that packages Syft as a Python package, enabling `syft` to be installed from PyPI:

```sh

pip install anchore_syft

```

Afterwards, Syft can be run using either `syft` or `anchore_syft`.

PyPI package versions will follow the `major.minor.patch` version numbers of Syft releases.

Binary wheels for Windows, macOS, and Linux for most CPU architectures supported on PyPI are provided.

[Syft PyPI Package Homepage](https://github.com/nightlark/anchore-syft-wheel)

[Syft Source Code](https://github.com/anchore/syft)

[Syft License](https://github.com/anchore/syft/blob/main/LICENSE): Apache-2.0

Installing Syft

===============

Syft can be installed by pip with:

```sh

pip install anchore_syft

```

or:

```sh

python -m pip install anchore_syft

```

Building from the source dist package requires internet access in order to download one of the pre-compiled release binaries from .

Platforms that Syft doesn't provide pre-compiled binaries for will not work at all, unless someone feels inclined to submit a PR that fetches an appropriate Go compiler

to build Syft from source.

Using with pipx

===============

Using `pipx run anchore_syft ` will run Syft without any install step, as long as the machine has pipx installed (which includes GitHub Actions runners).

Using with pyproject.toml

=========================

Syft can be added to the `project.dependencies` key in a pyproject.toml file for Python packages that require Syft.

```toml

[project]

dependencies = ["anchore_syft"]

```

License

=======

The code for this project is covered by the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0). Source distributions do not include a copy of the Syft source code or binaries. Binary wheels include a compiled Syft binary, which also falls under the Apache 2.0 license.

Syft is distributed under the [Apache License, Version 2.0](https://github.com/anchore/syft/blob/main/LICENSE). For more information about Syft, visit [https://github.com/anchore/syft](https://github.com/anchore/syft)