sbom2csv is a tool for converting Software Bill of Materials (SBOM) from JSON to CSV format.
If the package is available on PyPI, install it with:

```shell
pip install sbom2csv
```

Convert a CycloneDX JSON SBOM to CSV with:

```shell
sbom2csv -i input.json -f csv -o output.csv
```

The generated CSV file will contain the following columns extracted from the SBOM components:
| Column | Description | Source Field |
|---|---|---|
| Name | Component name | name |
| Version | Component version | version |
| Description | Component description | description |
| Developer | Component author/developer | author |
| License | License identifier (SPDX format when available) | licenses[0].license.id |
| User Document | Link to component website/documentation | externalReferences (type: "website") |
| PURL | Package URL - standardized identifier | purl |
Example output:

```csv
Name,Version,Description,Developer,License,User Document,PURL
express,4.21.2,"Fast, unopinionated, minimalist web framework",TJ Holowaychuk <[email protected]>,MIT,http://expressjs.com/,pkg:npm/express@4.21.2
lodash,4.17.19,Lodash modular utilities.,John-David Dalton <[email protected]>,MIT,https://lodash.com/,pkg:npm/lodash@4.17.19
```

- The tool processes the `components` array from CycloneDX JSON format SBOMs.
- Empty fields are included as blank values in the CSV.
- If multiple licenses exist, only the first license ID is extracted.
- The User Document field takes the first external reference with type "website".
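The column mapping and the three notes above are easy to get subtly wrong (a component with no `author`, a second license that must be ignored, an external reference that is not a `website`). The following Python script is an added example that reimplements that mapping over a constructed CycloneDX document; it is not sbom2csv's own code, and the sample SBOM, the function names and the `dual-licensed-lib` component are all made up for the illustration.

```python
import csv
import io
import json

# Constructed sample CycloneDX JSON SBOM (not produced by any real tool).
# The second component has no author, carries two licenses and has an
# external reference that is not a "website", so every note in the README
# is exercised: blank cell, first-license-only, first-website-only.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {
            "name": "express",
            "version": "4.21.2",
            "description": "Fast, unopinionated, minimalist web framework",
            "author": "TJ Holowaychuk",
            "licenses": [{"license": {"id": "MIT"}}],
            "externalReferences": [
                {"type": "vcs", "url": "https://github.com/expressjs/express"},
                {"type": "website", "url": "http://expressjs.com/"},
            ],
            "purl": "pkg:npm/express@4.21.2",
        },
        {
            "name": "dual-licensed-lib",  # hypothetical package
            "version": "1.0.0",
            "licenses": [
                {"license": {"id": "Apache-2.0"}},
                {"license": {"id": "GPL-3.0-only"}},
            ],
            "externalReferences": [
                {"type": "issue-tracker", "url": "https://example.invalid/issues"},
            ],
            "purl": "pkg:npm/dual-licensed-lib@1.0.0",
        },
    ],
})

# Column order matches the README table.
COLUMNS = ["Name", "Version", "Description", "Developer",
           "License", "User Document", "PURL"]


def first_license_id(component):
    """Return licenses[0].license.id, or '' when no license id is present.

    CycloneDX also allows a free-text `name` or an SPDX `expression` instead
    of an `id`; following the README's mapping, only the first `id` is read.
    """
    licenses = component.get("licenses") or []
    if not licenses:
        return ""
    return (licenses[0].get("license") or {}).get("id", "")


def first_website_reference(component):
    """Return the URL of the first externalReferences entry of type 'website'."""
    for ref in component.get("externalReferences") or []:
        if ref.get("type") == "website":
            return ref.get("url", "")
    return ""


def component_to_row(component):
    """Map one CycloneDX component to the CSV columns; missing fields become ''."""
    return {
        "Name": component.get("name", ""),
        "Version": component.get("version", ""),
        "Description": component.get("description", ""),
        "Developer": component.get("author", ""),
        "License": first_license_id(component),
        "User Document": first_website_reference(component),
        "PURL": component.get("purl", ""),
    }


def sbom_json_to_rows(sbom_text):
    """Parse a CycloneDX JSON document and return one row dict per component."""
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX JSON SBOM (bomFormat != CycloneDX)")
    return [component_to_row(c) for c in sbom.get("components") or []]


def rows_to_csv(rows):
    """Render the rows as CSV text; DictWriter quotes descriptions containing commas."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(rows_to_csv(sbom_json_to_rows(SAMPLE_SBOM)), end="")
```

Running the script prints a header row plus two data rows; the `express` row has the MIT license and the website URL, while the hypothetical second row has a blank Developer cell, `Apache-2.0` only, and a blank User Document cell because its only reference is an issue tracker. Since SBOM fields such as `description` and `author` come from third-party package metadata, treat the resulting CSV as untrusted input when opening it in a spreadsheet application that evaluates cells beginning with `=`, `+`, `-` or `@` as formulas.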
Contributions are welcome! Please read our contributing guidelines for details.
This project is licensed under the Yuan Zhou - see the LICENSE file for details.