pyCycloneFlow

Outil CLI Python qui génère des fichiers SBOM conformes CycloneDX v1.7 depuis des manifestes de dépendances.

Installation

git clone https://github.com/flo26/pycycloneflow.git
cd pycycloneflow
pip install -r requirements.txt

Prérequis : Python 3.13+

Usage

py main.py --pip pip_list.txt -o sbom.json        # vers fichier
py main.py --pip pip_list.txt -o -                # vers stdout (pipe-friendly)
py main.py --gomod go.mod --pip requirements.txt -o -  # multi-parser
py main.py --pip pip_list.txt -v                  # verbose

Subprocess-friendly

stdout = JSON pur, stderr = logs, exit 0/1. Appelable depuis Go, bash, ou tout autre langage :

py main.py --pip scanner.txt -o - | jq '.components | length'

cmd := exec.Command("py", "main.py", "--pip", pipPath, "-o", "-")
out, _ := cmd.Output()   // stdout = JSON pur

Écosystèmes supportés

Source	Arg CLI	Format	PURL généré	État
Python	--pip	pip list / requirements.txt	pkg:pypi/requests@2.31.0	✅
Go	--gomod	go.mod	pkg:golang/github.com/gin-gonic/gin@v1.9.1	✅
PHP	--composer	composer.lock	pkg:composer/laravel/framework@10.0.0	✅
Node.js	--npm	package-lock.json	pkg:npm/express@4.18.2	✅
Docker	--dockerfile	Dockerfile	pkg:docker/library/nginx@1.25	✅
Woodpecker CI	--woodpecker	.woodpecker.yml	pkg:docker/library/alpine@latest	✅
Alpine Linux	--apk	apk info -v	pkg:apk/busybox@1.36.1	✅
Debian/Ubuntu	--dpkg	dpkg -l	pkg:deb/openssl@3.0.11	✅

Tests

py -m unittest tests.test_opener

Standards

CycloneDX v1.7 — https://cyclonedx.org/docs/1.7/json/
PURL spec — https://github.com/package-url/purl-spec

Licence

MIT — voir LICENSE