[elbe-devel] [PATCH v5 4/7] elbepack: commands: add cyclonedx sbom generator

Eduard Krein eduard.krein at linutronix.de
Mon Jul 1 17:01:16 CEST 2024 

Add the initial skeleton of a Software Bill of Material generator
using OWASPs cyclonedx format in version 1.6.

Signed-off-by: Eduard Krein <eduard.krein at linutronix.de>
---
 elbepack/commands/cyclonedx-sbom.py | 57 +++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 elbepack/commands/cyclonedx-sbom.py

diff --git a/elbepack/commands/cyclonedx-sbom.py b/elbepack/commands/cyclonedx-sbom.py
new file mode 100644
index 00000000..370bab22
--- /dev/null
+++ b/elbepack/commands/cyclonedx-sbom.py
@@ -0,0 +1,57 @@
+# ELBE - Debian Based Embedded Rootfilesystem Builder
+
+import datetime
+import json
+import optparse
+import os
+import sys
+
+from elbepack.elbexml import ElbeXML
+from elbepack.uuid7 import uuid7
+from elbepack.version import elbe_version
+
+
+class CycloneDXEncoder(json.JSONEncoder):
+    def default(self, obj):
+        if isinstance(obj, (datetime.date, datetime.datetime)):
+            return obj.isoformat()
+
+
+def run_command(argv):
+    oparser = optparse.OptionParser()
+    oparser.add_option('-d', dest='elbe_build')
+    options, args = oparser.parse_args()
+
+    ts = datetime.datetime.now()
+    project_dir = options.elbe_build
+    source_file = ElbeXML(os.path.join(project_dir, 'source.xml'))
+
+    project_name = source_file.text('/name').strip()
+    project_version = source_file.text('/version').strip()
+    project_description = source_file.text('/description').strip()
+
+    output = {
+        'bomFormat': 'CycloneDX',
+        'specVersion': '1.6',
+        'serialNumber': uuid7(ts).urn,
+        'version': 1,
+        'metadata': {
+          'timestamp': ts,
+          'tools': [
+            {
+              'vendor': 'Linutronix',
+              'name': 'Elbe',
+              'version': elbe_version,
+            },
+          ],
+          'component': {
+            'type': 'operating-system',
+            'name': project_name,
+            'version': project_version,
+            'description': project_description,
+          },
+        },
+    }
+
+    json.dump(output, sys.stdout, indent=2, cls=CycloneDXEncoder)
+    sys.stdout.write('\n')
-- 
2.39.2

More information about the elbe-devel mailing list