haro87 / mdbom
Software Bill of Material (SBOM) to Markdown conversion
License: MIT License
Describe the bug
Installing mdbom and mkdocs-material creates a dependency conflict. While mdbom requires Jinja2 version to be 2.X, mkdocs-material requires 3.X.X
To Reproduce
Steps to reproduce the behavior:
> poetry add --dev mkdocs mkdocs-material
Using version ^1.3.1 for mkdocs
Using version ^8.5.1 for mkdocs-material
Updating dependencies
Resolving dependencies... (0.0s)
SolverProblemError
Because no versions of mkdocs-material match >8.5.1,<9.0.0
and mkdocs-material (8.5.1) depends on jinja2 (>=3.0.2), mkdocs-material (>=8.5.1,<9.0.0) requires jinja2 (>=3.0.2).
And because mdbom (0.3.0) depends on Jinja2 (>=2.11.3,<3.0.0)
and no versions of mdbom match >0.3.0,<0.4.0, mkdocs-material (>=8.5.1,<9.0.0) is incompatible with mdbom (>=0.3.0,<0.4.0).
So, because deathstar depends on both mdbom (^0.3.0) and mkdocs-material (^8.5.1), version solving failed.
at ~/sw/miniconda3/lib/python3.9/site-packages/poetry/puzzle/solver.py:241 in _solve
237│ packages = result.packages
238│ except OverrideNeeded as e:
239│ return self.solve_in_compatibility_mode(e.overrides, use_latest=use_latest)
240│ except SolveFailure as e:
→ 241│ raise SolverProblemError(e)
242│
243│ results = dict(
244│ depth_first_search(
245│ PackageNode(self._package, packages), aggregate_package_nodes
Expected behavior
Installation succeeds.
System (please complete the following information):
Markdown SBOM
version: 0.3.0
It would be great to have support for npm specific SBOMs.
Describe the bug
Using a freeze.txt file created by pip results in version key not found.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
MdBOM should run even if Info like Version is missing.
Screenshots
N.a.
System (please complete the following information):
MdBOM
version: [e.g. 0.3.0]
Additional context
cyclonedx-bom version 3.6.0
Describe the bug
Sometimes the license information is empty. This should not happen.
To Reproduce
Hard to reproduce.
Expected behavior
If no license info is found then unknown should be stated in the license info.
System (please complete the following information):
Markdown SBOM
version: 0.2.0
mdBOM can be used to create the 3rd party documentation via mdBOM. You need to run:
poetry export -f requirements.txt --output freeze.txt --without-hashes
to get the requirements file which can be used as an input for cyclonedx-py.
It seems that the script can't find a template.md.jinja file, causing a runtime error. This is on a macOS machine with Python installed via homebrew.
$ python3 --version
Python 3.10.6
$ pip3 install mdbom
[...]
$ mdb generate --input doc/bom/bom.json --output doc/bom/mdb.md --type npm
Traceback (most recent call last):
File "/opt/homebrew/bin/mdb", line 8, in <module>
sys.exit(cli())
File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1130, in __call__
return self.main(*args, **kwargs)
File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/opt/homebrew/lib/python3.10/site-packages/mdbom/mdbom.py", line 85, in generate
generate_markdown(
File "/opt/homebrew/lib/python3.10/site-packages/mdbom/md/md.py", line 27, in generate_markdown
with open(template, "r") as template_file:
FileNotFoundError: [Errno 2] No such file or directory: 'template.md.jinja'
I prefer Task over make.
Instead of providing all relevant info like BOM file, template etc. it would be nice to be able to use a config file.
Use MkDocs instead of Sphinx for documentation.
Describe the bug
Following the steps outlined on https://haro87.github.io/mdbom/0.2.2/install/, I get the following error when trying to run the generation command:
Traceback (most recent call last):
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\runpy.py", line 192, in _run_module_as_main
return _run_code(code, main_globals, None,
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "C:\Users\anthony.hunter.000\AppData\Local\Programs\Python\Python38\Scripts\mdb.exe\__main__.py", line 9, in <module>
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\site-packages\click\core.py", line 829, in __call__
return self.main(*args, **kwargs)
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\site-packages\click\core.py", line 782, in main
rv = self.invoke(ctx)
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\site-packages\click\core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\site-packages\click\core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\site-packages\click\core.py", line 610, in invoke
return callback(*args, **kwargs)
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\site-packages\mdbom\mdbom.py", line 96, in generate
packages = processors[proc_type].get_packages_from_bom(
File "c:\users\anthony.hunter.000\appdata\local\programs\python\python38\lib\site-packages\mdbom\bom\processor.py", line 54, in get_packages_from_bom
for component_license in component[LICENSES_ID]:
KeyError: 'licenses'
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Expecting the markdown file to be generated
System (please complete the following information):
Markdown SBOM
version: 0.2.1
MdBOM should be able to handle Golang as well.
MdBOM should be able to read multiple BOM files and compile a single list of packages.
Instead of releasing to test pypi from develop it should only be done from release/... branches.
The URLs in the 3rd Party should be actual links.
Currently, the purl package type (pypi, npm, golang, ...) is not part of the final result. This should be included.
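Added example, not mdbom's own code: a tolerant reader for CycloneDX JSON components that covers the reports above (KeyError: 'licenses', missing version from a pip freeze.txt, empty license info, missing purl type). The function names and the sample BOM are constructed for illustration; only the CycloneDX field names (components, name, version, purl, licenses, license.id, license.name, expression) are taken from the format.

```python
UNKNOWN = "unknown"

# Constructed sample: each component omits something a strict reader expects.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "jinja2", "version": "2.11.3", "purl": "pkg:pypi/jinja2@2.11.3",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
        {"name": "click", "purl": "pkg:pypi/click"},              # no version, no licenses key
        {"name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0", "licenses": []},       # empty license list
        {"name": "example.invalid/mod", "version": "v1.0.0",
         "purl": "pkg:golang/example.invalid/mod@v1.0.0",
         "licenses": [{"expression": "MIT OR Apache-2.0"}]},      # expression form
        {"name": "vendored-lib", "version": "0.1"},               # no purl at all
    ],
}


def purl_type(purl):
    """Return the package type of a purl (pkg:<type>/...), or 'unknown'."""
    if not isinstance(purl, str) or not purl.startswith("pkg:"):
        return UNKNOWN
    kind = purl[len("pkg:"):].split("/", 1)[0].strip().lower()
    return kind or UNKNOWN


def license_names(component):
    """Collect license ids, names or expressions; never raise on absent data."""
    names = []
    for entry in component.get("licenses") or []:
        if not isinstance(entry, dict):
            continue
        lic = entry.get("license") or {}
        name = lic.get("id") or lic.get("name") or entry.get("expression")
        if name:
            names.append(name)
    return names or [UNKNOWN]


def packages_from_bom(bom):
    """Flatten BOM components into rows that are safe to hand to a template."""
    return [
        {"name": comp.get("name") or UNKNOWN,
         "version": comp.get("version") or UNKNOWN,
         "type": purl_type(comp.get("purl")),
         "licenses": license_names(comp)}
        for comp in bom.get("components") or []
    ]
```

Rows with "unknown" in the license or version column are the ones to follow up on manually; an SBOM entry without a version cannot be matched against vulnerability advisories.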