Metadata-Version: 2.4
Name: cbom4cert
Version: 0.1.1
Summary: CBOM generator for certificates
Home-page: https://github.com/anthonyharrison/cbom4cert
Author: Anthony Harrison
Author-email: anthony.p.harrison@gmail.com
Maintainer: Anthony Harrison
Maintainer-email: anthony.p.harrison@gmail.com
License: Apache-2.0
Keywords: security,tools,SBOM,CBOM,DevSecOps,SPDX,CycloneDX
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: lib4sbom>=0.10.2
Requires-Dist: cryptography
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: license-file
Dynamic: maintainer
Dynamic: maintainer-email
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# CBOM4CERT

CBOM4CERT is a free, open source tool to generate a
CBOM (Cryptography Bill of Materials) for one or more installed certificates in [CycloneDX](https://www.cyclonedx.org) format.

## Installation

To install use the following command:

`pip install cbom4cert`

Alternatively, just clone the repo and install dependencies using the following command:

`pip install -U -r requirements.txt`

The tool requires Python 3 (3.9+). It is recommended to use a virtual Python environment, especially
if you are using different versions of Python. `virtualenv` is a tool for setting up virtual Python environments which
allows you to have all the dependencies for the tool set up in a single environment, or have different environments set
up for testing using different versions of Python.

## Usage

```bash
usage: cbom4cert [-h] [-c CERTIFICATE] [--system] [--path PATH] [-d] [--sbom {spdx,cyclonedx}] [--format {tag,json,yaml}] [-o OUTPUT_FILE] [-V]

CBOM4cert generates a Cryptography Bill of Materials for one or more installed certificates.

options:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit

Input:
  -c CERTIFICATE, --certificate CERTIFICATE
                        filename of certificate
  --system              include all installed python modules within system
  --path PATH           path to directory of certificates

Output:
  -d, --debug           add debug information
  --sbom {spdx,cyclonedx}
                        specify type of sbom to generate (default: cyclonedx)
  --format {tag,json,yaml}
                        specify format of software bill of materials (sbom) (default: json)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        output filename (default: output to stdout)

```

## Operation

The `--certificate` option is used to identify a certificate file. The `--system` option is used to indicate that the CBOM is to include all installed
certificates. Currently the `--certificate` option only works for Linux-based platforms.

One of `--certificate` or `--system` must be specified. If multiple options are specified, the `--certificate` option is used.

The `--path` option is to specify the path to a directory containing certificates.

The `--sbom` option is used to specify the format of the generated SBOM (the default is CycloneDX). The `--format` option
can be used to specify the formatting of the SBOM (the default is Tag Value format for an SPDX SBOM). JSON format is supported for both
SPDX and CycloneDX SBOMs.

The `--output-file` option is used to control the destination of the output generated by the tool. The
default is to report to the console, but the output can be stored in a file (specified using the `--output-file` option).
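
The following added example is not cbom4cert's code or its exact output: it uses the `cryptography` package the tool depends on to show the kind of data a CycloneDX 1.6 CBOM records for a certificate (subject, issuer, validity, signature algorithm OID, public key size). The certificate, the `bom-ref` values and the function names are constructed for the example, and only RSA and EC keys are assumed.

```python
import json
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_sample_cert():
    """Constructed self-signed P-256 certificate so the example runs offline."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "cbom-example.invalid")])
    start = datetime(2025, 1, 1, tzinfo=timezone.utc)
    return (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(start + timedelta(days=90))
            .sign(key, hashes.SHA256()))

def _iso(cert, field):
    # cryptography >= 42 has *_utc accessors; older releases return naive UTC values.
    value = getattr(cert, field + "_utc", None)
    if value is None:
        value = getattr(cert, field).replace(tzinfo=timezone.utc)
    return value.isoformat()

def _asset(ref, name, asset_type, **props):
    # Every CBOM entry is a component of type "cryptographic-asset".
    return {"type": "cryptographic-asset", "bom-ref": ref, "name": name,
            "cryptoProperties": {"assetType": asset_type, **props}}

def cert_to_cbom(cert):
    """Map one RSA- or ECDSA-signed certificate to CycloneDX 1.6 crypto assets."""
    pub = cert.public_key()  # assumed RSA or EC, both of which expose key_size
    kind = f"EC/{pub.curve.name}" if isinstance(pub, ec.EllipticCurvePublicKey) else "RSA"
    sig = _asset("sig-alg", f"signature/{cert.signature_hash_algorithm.name}", "algorithm",
                 oid=cert.signature_algorithm_oid.dotted_string,
                 algorithmProperties={"primitive": "signature"})
    key = _asset("subject-key", kind, "related-crypto-material",
                 relatedCryptoMaterialProperties={"type": "public-key", "size": pub.key_size})
    crt = _asset("cert", cert.subject.rfc4514_string(), "certificate", certificateProperties={
        "subjectName": cert.subject.rfc4514_string(),
        "issuerName": cert.issuer.rfc4514_string(),
        "notValidBefore": _iso(cert, "not_valid_before"),
        "notValidAfter": _iso(cert, "not_valid_after"),
        "signatureAlgorithmRef": "sig-alg", "subjectPublicKeyRef": "subject-key",
        "certificateFormat": "X.509"})
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
            "components": [crt, sig, key]}

if __name__ == "__main__":
    print(json.dumps(cert_to_cbom(make_sample_cert()), indent=2))
```

An inventory in this shape can be queried for short keys, weak signature hashes or certificates close to `notValidAfter`.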


## Licence

Licenced under the Apache 2.0 Licence.

## Limitations

The SPDX support is incomplete.

The `--certificate` option only works for Linux-based platforms.

## Feedback and Contributions

Bugs and feature requests can be made via GitHub Issues.
