使用Conan为C/C++项目创建CycloneDX软件物料清单(SBOM)文档
项目描述
CycloneDX Conan SBOM生成工具
支持Conan v2及更高版本
CycloneDX对Conan2的支持作为官方的Conan2扩展可用。
请参阅conan-extensions sbom命令。
本项目为使用Conan v1的C/C++项目生成CycloneDX物料清单(BOM)JSON文档的工具。
BOM将包含您当前项目的所有依赖项的汇总,包括完整的依赖关系图。
CycloneDX是一种轻量级的BOM规范,易于创建、易于阅读且易于解析。
请注意:此工具迄今为止仅测试过Conan v1.14。
安装
您可以使用您首选的Python包管理器从PyPi.org安装此工具。
使用pip的示例
pip install cyclonedx-conan
使用poetry的示例
poetry add cyclonedx-conan
使用方法
安装后,您可以通过运行--help来访问完整文档。
命令行选项与标准Conan选项对齐。
$ cyclonedx-conan --help
usage: cyclonedx-conan [-h] [-if INSTALL_FOLDER] [-db [DRY_BUILD]]
[--output FILE_PATH] [--exclude-dev]
[-b [BUILD]] [-r REMOTE] [-u]
[-l LOCKFILE] [--lockfile-out LOCKFILE_OUT]
[-e ENV_HOST] [-e:b ENV_BUILD] [-e:h ENV_HOST]
[-o OPTIONS_HOST] [-o:b OPTIONS_BUILD]
[-o:h OPTIONS_HOST] [-pr PROFILE_HOST]
[-pr:b PROFILE_BUILD] [-pr:h PROFILE_HOST]
[-s SETTINGS_HOST] [-s:b SETTINGS_BUILD]
[-s:h SETTINGS_HOST] [-c CONF_HOST] [-c:b CONF_BUILD]
[-c:h CONF_HOST]
path_or_reference
CycloneDX SBOM Generator
positional arguments:
path_or_reference Path to a folder containing a recipe (conanfile.py or conanfile.txt) or to a recipe file.
e.g., ./my_project/conanfile.txt. It could also be a reference
options:
-h, --help show this help message and exit
-if INSTALL_FOLDER, --install-folder INSTALL_FOLDER
local folder containing the conaninfo.txt and conanbuildinfo.txt files (from a previous conan install execution).
Defaulted to current folder, unless --profile, -s or -o is specified.
If you specify both install-folder and any setting/option it will raise an error.
-db [DRY_BUILD], --dry-build [DRY_BUILD]
Apply the --build argument to output the information, as it would be done by the install command
--output FILE_PATH
Output file path for your SBOM (set to '-' to output to STDOUT)
--exclude-dev Exclude development dependencies from the BOM
-b [BUILD], --build [BUILD]
Given a build policy, return an ordered list of packages that would be built from sources during the install command
-r REMOTE, --remote REMOTE
Look in the specified remote server
-u, --update Will check if updates of the dependencies exist in the remotes
(a new version that satisfies a version range, a new revision or a newer recipe if not using revisions).
-l LOCKFILE, --lockfile LOCKFILE
Path to a lockfile
--lockfile-out LOCKFILE_OUT
Filename of the updated lockfile
-e ENV_HOST, --env ENV_HOST
Environment variables that will be set during the package build (host machine).
e.g.: -e CXX=/usr/bin/clang++
-e:b ENV_BUILD, --env:build ENV_BUILD
Environment variables that will be set during the package build (build machine).
e.g.: -e:b CXX=/usr/bin/clang++
-e:h ENV_HOST, --env:host ENV_HOST
Environment variables that will be set during the package build (host machine).
e.g.: -e:h CXX=/usr/bin/clang++
-o OPTIONS_HOST, --options OPTIONS_HOST
Define options values (host machine),
e.g.: -o Pkg:with_qt=true
-o:b OPTIONS_BUILD, --options:build OPTIONS_BUILD
Define options values (build machine),
e.g.: -o:b Pkg:with_qt=true
-o:h OPTIONS_HOST, --options:host OPTIONS_HOST
Define options values (host machine),
e.g.: -o:h Pkg:with_qt=true
-pr PROFILE_HOST, --profile PROFILE_HOST
Apply the specified profile to the host machine
-pr:b PROFILE_BUILD, --profile:build PROFILE_BUILD
Apply the specified profile to the build machine
-pr:h PROFILE_HOST, --profile:host PROFILE_HOST
Apply the specified profile to the host machine
-s SETTINGS_HOST, --settings SETTINGS_HOST
Settings to build the package, overwriting the defaults (host machine).
e.g.: -s compiler=gcc
-s:b SETTINGS_BUILD, --settings:build SETTINGS_BUILD
Settings to build the package, overwriting the defaults (build machine).
e.g.: -s:b compiler=gcc
-s:h SETTINGS_HOST, --settings:host SETTINGS_HOST
Settings to build the package, overwriting the defaults (host machine).
e.g.: -s:h compiler=gcc
-c CONF_HOST, --conf CONF_HOST
Configuration to build the package, overwriting the defaults (host machine).
e.g.: -c tools.cmake.cmaketoolchain:generator=Xcode
-c:b CONF_BUILD, --conf:build CONF_BUILD
Configuration to build the package, overwriting the defaults (build machine).
e.g.: -c:b tools.cmake.cmaketoolchain:generator=Xcode
-c:h CONF_HOST, --conf:host CONF_HOST
Configuration to build the package, overwriting the defaults (host machine).
e.g.: -c:h tools.cmake.cmaketoolchain:generator=Xcode
Python支持
我们致力于支持所有当前活跃支持的Python版本的所有功能。然而,由于某些旧版Python版本缺乏支持,一些功能可能不可用。
贡献
欢迎提交拉取请求。但请首先阅读CycloneDX贡献指南。
通常预期拉取请求将包括相关测试。测试会自动在Windows、MacOS和Linux上为每个拉取请求运行。
感谢Gitpod,有两种简单的方法可以创建带有VS Code的开发环境。
您可以在浏览器中打开Gitpod托管的开发环境。或者,您可以通过运行localdev.sh脚本(需要Docker)来启动OpenVSCode Server的本地实例。
版权 & 许可
CycloneDX BOM版权所有(c)OWASP基金会。版权所有。
修改和重新分发的许可在Apache 2.0许可条款下授予。
有关完整许可证,请参阅LICENSE文件。
下载文件
下载适用于您平台的文件。如果您不确定选择哪个,请了解更多关于安装包的信息。
源分发
cyclonedx_conan-0.4.1.tar.gz (10.0 kB 查看哈希值)
构建分发
cyclonedx_conan-0.4.1-py3-none-any.whl (15.6 kB 查看哈希值)
关闭
cyclonedx_conan-0.4.1.tar.gz的哈希值
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | 379d32ad03d194c375faa2b6399c7272beb9918846bb8049ef549ac1ea2276b3 |
|
| MD5 | c9ec54124bcc3e956a330a2659a8121b |
|
| BLAKE2b-256 | 8d87688328fb5aaa82777f853d3d0126f5fcf7cde58164a6b6f8c0b6dbb16936 |
关闭
cyclonedx_conan-0.4.1-py3-none-any.whl 的哈希值
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | df0192b7081d0147d2c1426dc96351b7217f2884770476fe6abc0ca1ba5d66d7 |
|
| MD5 | aad89b1b33084e23c92c0201014857d3 |
|
| BLAKE2b-256 | 3c8e2608a3e8942490e74ea1618804c0e598bb3e41c0a786662a6672f4c325bd |