Creates CycloneDX Software Bill of Materials (SBOM) documents for C/C++ projects using Conan
Project description
CycloneDX Conan SBOM Generation Tool
This project provides a tool for generating CycloneDX bill-of-material JSON documents for C/C++ projects using Conan.
The BOM will contain an aggregate of all your current project's dependencies, including a full dependency graph.
CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple to parse.
Please note: This tool has only been tested with Conan 1.14 so far.
Installation
Install this from PyPi.org using your preferred Python package manager.
Example using pip
:
pip install cyclonedx-conan
Example using poetry
:
poetry add cyclonedx-conan
Usage
Once installed, you can access the full documentation by running --help
:
The command line options are aligned to the standard Conan options.
$ cyclonedx-conan --help
usage: cyclonedx-conan [-h] [-if INSTALL_FOLDER] [-db [DRY_BUILD]]
[--output FILE_PATH] [--exclude-dev]
[-b [BUILD]] [-r REMOTE] [-u]
[-l LOCKFILE] [--lockfile-out LOCKFILE_OUT]
[-e ENV_HOST] [-e:b ENV_BUILD] [-e:h ENV_HOST]
[-o OPTIONS_HOST] [-o:b OPTIONS_BUILD]
[-o:h OPTIONS_HOST] [-pr PROFILE_HOST]
[-pr:b PROFILE_BUILD] [-pr:h PROFILE_HOST]
[-s SETTINGS_HOST] [-s:b SETTINGS_BUILD]
[-s:h SETTINGS_HOST] [-c CONF_HOST] [-c:b CONF_BUILD]
[-c:h CONF_HOST]
path_or_reference
CycloneDX SBOM Generator
positional arguments:
path_or_reference Path to a folder containing a recipe (conanfile.py or conanfile.txt) or to a recipe file.
e.g., ./my_project/conanfile.txt. It could also be a reference
options:
-h, --help show this help message and exit
-if INSTALL_FOLDER, --install-folder INSTALL_FOLDER
local folder containing the conaninfo.txt and conanbuildinfo.txt files (from a previous conan install execution).
Defaulted to current folder, unless --profile, -s or -o is specified.
If you specify both install-folder and any setting/option it will raise an error.
-db [DRY_BUILD], --dry-build [DRY_BUILD]
Apply the --build argument to output the information, as it would be done by the install command
--output FILE_PATH
Output file path for your SBOM (set to '-' to output to STDOUT)
--exclude-dev Exclude development dependencies from the BOM
-b [BUILD], --build [BUILD]
Given a build policy, return an ordered list of packages that would be built from sources during the install command
-r REMOTE, --remote REMOTE
Look in the specified remote server
-u, --update Will check if updates of the dependencies exist in the remotes
(a new version that satisfies a version range, a new revision or a newer recipe if not using revisions).
-l LOCKFILE, --lockfile LOCKFILE
Path to a lockfile
--lockfile-out LOCKFILE_OUT
Filename of the updated lockfile
-e ENV_HOST, --env ENV_HOST
Environment variables that will be set during the package build (host machine).
e.g.: -e CXX=/usr/bin/clang++
-e:b ENV_BUILD, --env:build ENV_BUILD
Environment variables that will be set during the package build (build machine).
e.g.: -e:b CXX=/usr/bin/clang++
-e:h ENV_HOST, --env:host ENV_HOST
Environment variables that will be set during the package build (host machine).
e.g.: -e:h CXX=/usr/bin/clang++
-o OPTIONS_HOST, --options OPTIONS_HOST
Define options values (host machine),
e.g.: -o Pkg:with_qt=true
-o:b OPTIONS_BUILD, --options:build OPTIONS_BUILD
Define options values (build machine),
e.g.: -o:b Pkg:with_qt=true
-o:h OPTIONS_HOST, --options:host OPTIONS_HOST
Define options values (host machine),
e.g.: -o:h Pkg:with_qt=true
-pr PROFILE_HOST, --profile PROFILE_HOST
Apply the specified profile to the host machine
-pr:b PROFILE_BUILD, --profile:build PROFILE_BUILD
Apply the specified profile to the build machine
-pr:h PROFILE_HOST, --profile:host PROFILE_HOST
Apply the specified profile to the host machine
-s SETTINGS_HOST, --settings SETTINGS_HOST
Settings to build the package, overwriting the defaults (host machine).
e.g.: -s compiler=gcc
-s:b SETTINGS_BUILD, --settings:build SETTINGS_BUILD
Settings to build the package, overwriting the defaults (build machine).
e.g.: -s:b compiler=gcc
-s:h SETTINGS_HOST, --settings:host SETTINGS_HOST
Settings to build the package, overwriting the defaults (host machine).
e.g.: -s:h compiler=gcc
-c CONF_HOST, --conf CONF_HOST
Configuration to build the package, overwriting the defaults (host machine).
e.g.: -c tools.cmake.cmaketoolchain:generator=Xcode
-c:b CONF_BUILD, --conf:build CONF_BUILD
Configuration to build the package, overwriting the defaults (build machine).
e.g.: -c:b tools.cmake.cmaketoolchain:generator=Xcode
-c:h CONF_HOST, --conf:host CONF_HOST
Configuration to build the package, overwriting the defaults (host machine).
e.g.: -c:h tools.cmake.cmaketoolchain:generator=Xcode
Python Support
We endeavour to support all functionality for all current actively supported Python versions. However, some features may not be possible/present in older Python versions due to their lack of support.
Contributing
Pull requests are welcome. But please read the CycloneDX contributing guidelines first.
It is generally expected that pull requests will include relevant tests. Tests are automatically run on Windows, MacOS and Linux for every pull request.
Thanks to Gitpod there are two really easy ways of creating a ready to go development environment with VS Code.
You can open a Gitpod hosted development environment in your browser. Or you
can start a local instance of the OpenVSCode Server by running the
localdev.sh
script (requires Docker).
Copyright & License
CycloneDX BOM is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file cyclonedx_conan-0.4.0.tar.gz
.
File metadata
- Download URL: cyclonedx_conan-0.4.0.tar.gz
- Upload date:
- Size: 9.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/40.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.4 tqdm/4.65.0 importlib-metadata/6.8.0 keyring/24.2.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.10.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | db19757eaebf890d75b376c79dc13254fe22a763f42b0babddae9eb4b930fdfb |
|
MD5 | 4e39bca0a7ef67bf8d618c3ecf1f6a5d |
|
BLAKE2b-256 | d7fdbdccbf5e92823b4c8c428a6f804f7bc1687b1dafdc085015e74d9e97bb3d |
File details
Details for the file cyclonedx_conan-0.4.0-py3-none-any.whl
.
File metadata
- Download URL: cyclonedx_conan-0.4.0-py3-none-any.whl
- Upload date:
- Size: 15.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/40.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.4 tqdm/4.65.0 importlib-metadata/6.8.0 keyring/24.2.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.10.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e9720cc5810cd3c84f1285a1bcede0d88cc3a0fa5b8ed5f82868a49cbef75600 |
|
MD5 | 8937437de3b785a2d39169292b2c9f39 |
|
BLAKE2b-256 | 401910381d4783681d92f5e5458ee040701bd9c4129f2bea75d5343397d71bf5 |