anthonyharrison / sbom4files
SBOM generator for files within a directory
License: Apache License 2.0
I have created a Docker-based sbom4files. Please have a look: https://hub.docker.com/r/netwrkspider/sbom4files
The CycloneDX json files created by sbom4files generate hashes like this:
    "hashes": [
        {
            "alg": "SHA1",
            "content": "9ffc0d3f5c8be409335699037ac8bafbda9e940c"
        },
        {
            "alg": "SHA256",
            "content": "b97a4c91d68acb2ba07a382e4849ef86f156459b85dfe6dbac104332d782fe1e"
        },
        {
            "alg": "SHA512",
            "content": "7f4ba8017754306f4ac93b71b736c7efe14920ff735cb8b189518018f68508ab31ca1d0dbf6a0dfbdd0349f981e8e65564dd14a1ab051b7fd9cffc8e47e4be97"
        }
    ],
However, the tools from CycloneDX have a problem with the "alg" names - they expect "SHA-1", "SHA-256", "SHA-512" (i.e. with a '-' sign after SHA).
It looks like sbom4files does not conform to the specification. See here for details: https://cyclonedx.org/docs/1.5/json/#components_items_hashes_items_alg
Thanks!
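A check for the mismatch reported above, as an added example (not sbom4files or CycloneDX project code): it rewrites hash "alg" names to the spelling in the CycloneDX 1.5 schema and flags digests whose length does not match the algorithm. The function names and the sample BOM are assumptions constructed for illustration.

```python
import hashlib

# Hash algorithm names accepted by the CycloneDX 1.5 JSON schema.
CDX_ALGS = ["MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256",
            "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384",
            "BLAKE2b-512", "BLAKE3"]
# Hex digest length for the algorithms whose size this example checks.
HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64, "SHA-384": 96, "SHA-512": 128}

def canonical_alg(name):
    """Map spellings such as 'SHA1' or 'sha_256' to the schema name, else None."""
    key = name.upper().replace("-", "").replace("_", "")
    for alg in CDX_ALGS:
        if alg.upper().replace("-", "") == key:
            return alg
    return None

def normalize_hashes(bom):
    """Rewrite alg names in place; return (number_fixed, list_of_problems)."""
    fixed, problems = 0, []
    stack = list(bom.get("components", []))
    while stack:
        comp = stack.pop()
        stack.extend(comp.get("components", []))  # components can be nested
        for h in comp.get("hashes", []):
            alg = canonical_alg(h.get("alg", ""))
            if alg is None:
                problems.append(f"{comp.get('name')}: unknown alg {h.get('alg')!r}")
                continue
            if alg != h["alg"]:
                h["alg"] = alg
                fixed += 1
            want = HEX_LEN.get(alg)
            if want and len(h.get("content", "")) != want:
                problems.append(f"{comp.get('name')}: {alg} digest length is not {want}")
    return fixed, problems

def sample_bom():
    """Constructed BOM: one file component labelled the way the report shows."""
    data = b"constructed sample file contents"
    hashes = [{"alg": a, "content": hashlib.new(a.lower(), data).hexdigest()}
              for a in ("SHA1", "SHA256", "SHA512")]
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "components": [{"type": "file", "name": "sample.txt", "hashes": hashes}]}

if __name__ == "__main__":
    bom = sample_bom()
    print(normalize_hashes(bom), [h["alg"] for h in bom["components"][0]["hashes"]])
```

Running it over an SBOM before handing the file to other CycloneDX tooling separates pure naming problems, which it repairs, from digests that are actually malformed, which it only reports.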
When running the "-r" option on a large project folder (with many subdirectory levels) on Windows 11, the execution bombs out with the error below.
In particular, the open source project it was run against at the top level was: https://github.com/awslabs/visual-asset-management-system
This was run against a clean Git clone (before NPM installs).
Traceback (most recent call last):
File "C:\Program Files\Python310\lib\runpy.py", line 196, in _run_module_as_main
return _run_code(code, main_globals, None,
File "C:\Program Files\Python310\lib\runpy.py", line 86, in _run_code
exec(code, run_globals)
File "C:\Program Files\Python310\Scripts\sbom4files.exe\__main__.py", line 7, in <module>
File "C:\Program Files\Python310\lib\site-packages\sbom4files\cli.py", line 170, in main
if file_scanner.scan_file(entry):
File "C:\Program Files\Python310\lib\site-packages\sbom4files\filescanner.py", line 157, in scan_file
mimetype = magic.from_file(str(filename), mime=True)
File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 135, in from_file
return m.from_file(filename)
File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 91, in from_file
return self._handle509Bug(e)
File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 100, in _handle509Bug
raise e
File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 89, in from_file
return maybe_decode(magic_file(self.cookie, filename))
File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 255, in magic_file
return _magic_file(cookie, coerce_filename(filename))
File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 196, in errorcheck_null
raise MagicException(err)
magic.magic.MagicException: b"line I64u: regex error 14 for `^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$', (failed to get memory)"
Hi,
python: version 3.11.3
o/s: Windows 10
I installed sbom4files as per the instructions. I tried to run it and received the following error:
Traceback (most recent call last):
File "", line 198, in run_module_as_main
File "", line 88, in run_code
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\Scripts\sbom4files.exe_main.py", line 4, in
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\sbom4files\cli.py", line 16, in
from sbom4files.filescanner import FileScanner
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\sbom4files\filescanner.py", line 7, in
import magic
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\magic_init.py", line 209, in
libmagic = loader.load_lib()
^^^^^^^^^^^^^^^^^
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\magic\loader.py", line 49, in load_lib
raise ImportError('failed to find libmagic. Check your installation')
ImportError: failed to find libmagic. Check your installation
Hi,
If you try to process a directory like "C:\My Folder\My Project", sbom4files fails because of the blank space in the path.
The error is:
sbom4files: error: unrecognized arguments: Folder
In a Windows environment it's common to fix that using double quotes. Something like this:
sbom4files -d "C:\My Folder\My Project" -p MyProject -r --sbom cyclonedx --format json
I tried single quotes too. It didn't work.
sbom4files -d 'C:\My Folder\My Project' -p MyProject -r --sbom cyclonedx --format json