
Creates CycloneDX Software Bill of Materials (SBOM) documents for C/C++ projects using Conan


CycloneDX Conan SBOM Generation Tool



This project provides a tool for generating CycloneDX bill-of-material JSON documents for C/C++ projects using Conan.

The BOM will contain an aggregate of all your current project's dependencies, including a full dependency graph.

CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple to parse.

Please note: This tool has only been tested with Conan 1.14 so far.

Installation

Install this tool from PyPI using your preferred Python package manager.

Example using pip:

pip install cyclonedx-conan

Example using poetry:

poetry add cyclonedx-conan

Usage

Once installed, you can access the full documentation by running the tool with --help. The command-line options are aligned to the standard Conan options:

$ cyclonedx-conan --help
usage: cyclonedx-conan [-h] [-if INSTALL_FOLDER] [-db [DRY_BUILD]]
                       [--output FILE_PATH] [--exclude-dev]
                       [-b [BUILD]] [-r REMOTE] [-u]
                       [-l LOCKFILE] [--lockfile-out LOCKFILE_OUT]
                       [-e ENV_HOST] [-e:b ENV_BUILD] [-e:h ENV_HOST]
                       [-o OPTIONS_HOST] [-o:b OPTIONS_BUILD]
                       [-o:h OPTIONS_HOST] [-pr PROFILE_HOST]
                       [-pr:b PROFILE_BUILD] [-pr:h PROFILE_HOST]
                       [-s SETTINGS_HOST] [-s:b SETTINGS_BUILD]
                       [-s:h SETTINGS_HOST] [-c CONF_HOST] [-c:b CONF_BUILD]
                       [-c:h CONF_HOST]
                       path_or_reference

CycloneDX SBOM Generator

positional arguments:
  path_or_reference     Path to a folder containing a recipe (conanfile.py or conanfile.txt) or to a recipe file.
                        e.g., ./my_project/conanfile.txt. It could also be a reference

options:
  -h, --help            show this help message and exit
  -if INSTALL_FOLDER, --install-folder INSTALL_FOLDER
                        local folder containing the conaninfo.txt and conanbuildinfo.txt files (from a previous conan install execution).
                        Defaulted to current folder, unless --profile, -s or -o is specified.
                        If you specify both install-folder and any setting/option it will raise an error.
  -db [DRY_BUILD], --dry-build [DRY_BUILD]
                        Apply the --build argument to output the information, as it would be done by the install command
  --output FILE_PATH
                        Output file path for your SBOM (set to '-' to output to STDOUT)
  --exclude-dev         Exclude development dependencies from the BOM
  -b [BUILD], --build [BUILD]
                        Given a build policy, return an ordered list of packages that would be built from sources during the install command
  -r REMOTE, --remote REMOTE
                        Look in the specified remote server
  -u, --update          Will check if updates of the dependencies exist in the remotes 
                        (a new version that satisfies a version range, a new revision or a newer recipe if not using revisions).
  -l LOCKFILE, --lockfile LOCKFILE
                        Path to a lockfile
  --lockfile-out LOCKFILE_OUT
                        Filename of the updated lockfile
  -e ENV_HOST, --env ENV_HOST
                        Environment variables that will be set during the package build (host machine).
                        e.g.: -e CXX=/usr/bin/clang++
  -e:b ENV_BUILD, --env:build ENV_BUILD
                        Environment variables that will be set during the package build (build machine).
                        e.g.: -e:b CXX=/usr/bin/clang++
  -e:h ENV_HOST, --env:host ENV_HOST
                        Environment variables that will be set during the package build (host machine).
                        e.g.: -e:h CXX=/usr/bin/clang++
  -o OPTIONS_HOST, --options OPTIONS_HOST
                        Define options values (host machine),
                        e.g.: -o Pkg:with_qt=true
  -o:b OPTIONS_BUILD, --options:build OPTIONS_BUILD
                        Define options values (build machine),
                        e.g.: -o:b Pkg:with_qt=true
  -o:h OPTIONS_HOST, --options:host OPTIONS_HOST
                        Define options values (host machine),
                        e.g.: -o:h Pkg:with_qt=true
  -pr PROFILE_HOST, --profile PROFILE_HOST
                        Apply the specified profile to the host machine
  -pr:b PROFILE_BUILD, --profile:build PROFILE_BUILD
                        Apply the specified profile to the build machine
  -pr:h PROFILE_HOST, --profile:host PROFILE_HOST
                        Apply the specified profile to the host machine
  -s SETTINGS_HOST, --settings SETTINGS_HOST
                        Settings to build the package, overwriting the defaults (host machine).
                        e.g.: -s compiler=gcc
  -s:b SETTINGS_BUILD, --settings:build SETTINGS_BUILD
                        Settings to build the package, overwriting the defaults (build machine).
                        e.g.: -s:b compiler=gcc
  -s:h SETTINGS_HOST, --settings:host SETTINGS_HOST
                        Settings to build the package, overwriting the defaults (host machine).
                        e.g.: -s:h compiler=gcc
  -c CONF_HOST, --conf CONF_HOST
                        Configuration to build the package, overwriting the defaults (host machine).
                        e.g.: -c tools.cmake.cmaketoolchain:generator=Xcode
  -c:b CONF_BUILD, --conf:build CONF_BUILD
                        Configuration to build the package, overwriting the defaults (build machine).
                        e.g.: -c:b tools.cmake.cmaketoolchain:generator=Xcode
  -c:h CONF_HOST, --conf:host CONF_HOST
                        Configuration to build the package, overwriting the defaults (host machine).
                        e.g.: -c:h tools.cmake.cmaketoolchain:generator=Xcode
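
Added example, not part of the cyclonedx-conan project: a check of the dependency graph in an SBOM written with --output, reporting graph references that no component declares, components unreachable from the root, and the chain that pulls a given package in. It relies only on the CycloneDX JSON fields metadata.component, components[].bom-ref and dependencies[].ref/dependsOn; the sample document is constructed, the bom-ref values the tool actually emits are an assumption, and the function names are hypothetical.

```python
import json
from collections import deque

# Constructed sample in CycloneDX JSON shape; every name, version and bom-ref is made up.
SAMPLE_SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.3",
  "metadata": {"component": {"bom-ref": "app", "type": "application", "name": "my_project"}},
  "components": [
    {"bom-ref": "pkg:conan/libcurl@7.80.0", "type": "library", "name": "libcurl"},
    {"bom-ref": "pkg:conan/openssl@1.1.1m", "type": "library", "name": "openssl"},
    {"bom-ref": "pkg:conan/zlib@1.2.11", "type": "library", "name": "zlib"},
    {"bom-ref": "pkg:conan/gtest@1.11.0", "type": "library", "name": "gtest"}],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:conan/libcurl@7.80.0"]},
    {"ref": "pkg:conan/libcurl@7.80.0", "dependsOn": ["pkg:conan/openssl@1.1.1m"]},
    {"ref": "pkg:conan/openssl@1.1.1m", "dependsOn": ["pkg:conan/zlib@1.2.11", "pkg:conan/bzip2@1.0.8"]}]}""")

def load_graph(bom):
    """Return (root bom-ref, components by bom-ref, dependsOn edges by ref)."""
    root = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    comps = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    return root, comps, {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}

def bfs_parents(root, edges):
    """Breadth-first walk from root; maps each reached ref to the ref that pulled it in."""
    parent, queue = {root: None}, deque([root])
    while queue:
        ref = queue.popleft()
        for nxt in edges.get(ref, []):
            if nxt not in parent:
                parent[nxt] = ref
                queue.append(nxt)
    return parent

def audit_graph(bom):
    """Return (refs named in the graph but declared by no component, components unreachable from root)."""
    root, comps, edges = load_graph(bom)
    named = set(edges).union(*edges.values())
    return sorted(named - set(comps) - {root}), sorted(set(comps) - set(bfs_parents(root, edges)))

def why(bom, name):
    """Shortest chain of bom-refs from the root to the component called `name`, or None."""
    root, comps, edges = load_graph(bom)
    parent = bfs_parents(root, edges)  # insertion order is BFS order, so the first match is the nearest
    ref, path = next((r for r in parent if comps.get(r, {}).get("name") == name), None), []
    while ref is not None:
        path.append(ref)
        ref = parent[ref]
    return path[::-1] or None
```

To check a real document, pass the result of json.load() on the file written by --output in place of SAMPLE_SBOM.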

Python Support

We endeavour to support all functionality for all current actively supported Python versions. However, some features may not be possible/present in older Python versions due to their lack of support.

Contributing

Pull requests are welcome, but please read the CycloneDX contributing guidelines first.

It is generally expected that pull requests will include relevant tests. Tests are automatically run on Windows, macOS and Linux for every pull request.

Thanks to Gitpod, there are two really easy ways of creating a ready-to-go development environment with VS Code.

You can open a Gitpod hosted development environment in your browser. Or you can start a local instance of the OpenVSCode Server by running the localdev.sh script (requires Docker).


Copyright & License

CycloneDX BOM is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cyclonedx_conan-0.4.0.tar.gz (9.9 kB)

Uploaded Source

Built Distribution

cyclonedx_conan-0.4.0-py3-none-any.whl (15.5 kB)

Uploaded Python 3

File details

Details for the file cyclonedx_conan-0.4.0.tar.gz.

File metadata

  • Download URL: cyclonedx_conan-0.4.0.tar.gz
  • Upload date:
  • Size: 9.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/40.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.4 tqdm/4.65.0 importlib-metadata/6.8.0 keyring/24.2.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.10.12

File hashes

Hashes for cyclonedx_conan-0.4.0.tar.gz
Algorithm Hash digest
SHA256 db19757eaebf890d75b376c79dc13254fe22a763f42b0babddae9eb4b930fdfb
MD5 4e39bca0a7ef67bf8d618c3ecf1f6a5d
BLAKE2b-256 d7fdbdccbf5e92823b4c8c428a6f804f7bc1687b1dafdc085015e74d9e97bb3d


File details

Details for the file cyclonedx_conan-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: cyclonedx_conan-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 15.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/40.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.4 tqdm/4.65.0 importlib-metadata/6.8.0 keyring/24.2.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.10.12

File hashes

Hashes for cyclonedx_conan-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e9720cc5810cd3c84f1285a1bcede0d88cc3a0fa5b8ed5f82868a49cbef75600
MD5 8937437de3b785a2d39169292b2c9f39
BLAKE2b-256 401910381d4783681d92f5e5458ee040701bd9c4129f2bea75d5343397d71bf5
