1. Installation
Project repository: https://github.com/CycloneDX/cyclonedx-conan
Installation:
pip install cyclonedx-conan  # this also installs a number of dependencies
(venv) E:\flaskbom\4BOM>pip list
Package Version
------------------ --------
bottle 0.12.25
certifi 2023.5.7
charset-normalizer 3.2.0
colorama 0.4.6
conan 1.41.0
cyclonedx-conan 0.2.0
setuptools 68.0.0
six 1.16.0
tqdm 4.65.0
urllib3 1.26.16
wheel 0.40.0
2. Generating the SBOM file
conan new bom1/0.1 -t  # generates the conanfile.py file
conan install .
cyclonedx-conan generate > sbom.json
(venv) E:\flaskbom\4BOM> conan new bom2/0.1 -t
File saved: conanfile.py
File saved: test_package/CMakeLists.txt
File saved: test_package/conanfile.py
File saved: test_package/example.cpp
Running conan install . fails with the error: ERROR: bom2/0.1: 'settings.compiler.cppstd' value not defined. To fix this, conanfile.py has to be modified.
(venv) E:\flaskbom\4BOM>conan install .
Configuration:
[settings]
compiler.runtime_type=Release
compiler.version=19.3
os=Windows
os_build=Windows
[options]
[build_requires]
[env]
ERROR: bom2/0.1: 'settings.compiler.cppstd' value not defined
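The file to modify is conanfile.py in the project root directory.
Add the following:
    def configure(self):
        # Define the settings that conan install reported as missing for msvc
        if self.settings.compiler == "msvc":
            self.settings.compiler.cppstd = "17"
            self.settings.compiler.runtime = "dynamic"  # 'static'  # str(int(time.time()))
Complete file: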
from conans import ConanFile, CMake, tools
import time


class SecClientConan(ConanFile):
    name = "secClient"
    version = "0.1"
    license = "<Put the package license here>"
    author = "<Put your name here> <And your email here>"
    url = "<Package recipe repository url here, for issues about the package>"
    description = "<Description of SecClient here>"
    topics = ("<Put some tag here>", "<here>", "<and here>")
    settings = "os", "compiler", "build_type", "arch"
    options = {"shared": [True, False], "fPIC": [True, False]}
    default_options = {"shared": False, "fPIC": True}
    generators = "cmake"

    def config_options(self):
        if self.settings.os == "Windows":
            del self.options.fPIC

    def source(self):
        self.run("git clone https://github.com/conan-io/hello.git")
        # This small hack might be useful to guarantee proper /MT /MD linkage
        # in MSVC if the packaged project doesn't have variables to set it
        # properly
        tools.replace_in_file("hello/CMakeLists.txt", "PROJECT(HelloWorld)",
                              '''PROJECT(HelloWorld)
include(${CMAKE_BINARY_DIR}/conanbuildinfo.cmake)
conan_basic_setup()''')

    def build(self):
        cmake = CMake(self)
        cmake.configure(source_folder="hello")
        cmake.build()
        # Explicit way:
        # self.run('cmake %s/hello %s'
        #          % (self.source_folder, cmake.command_line))
        # self.run("cmake --build . %s" % cmake.build_config)

    def package(self):
        self.copy("*.h", dst="include", src="hello")
        self.copy("*hello.lib", dst="lib", keep_path=False)
        self.copy("*.dll", dst="bin", keep_path=False)
        self.copy("*.so", dst="lib", keep_path=False)
        self.copy("*.dylib", dst="lib", keep_path=False)
        self.copy("*.a", dst="lib", keep_path=False)

    def package_info(self):
        self.cpp_info.libs = ["hello"]

    def configure(self):
        if self.settings.compiler == "msvc":
            self.settings.compiler.cppstd = "17"
            self.settings.compiler.runtime = "dynamic"  # 'static'  # str(int(time.time()))
Result of conan install .:
(venv) E:\flaskbom\4BOM>conan install .
Configuration:
[settings]
arch=x86_64
arch_build=x86_64
[env]
conanfile.py (bom2/0.1): Installing package
Requirements
Packages
Installing (downloading, building) binaries...
conanfile.py (bom2/0.1): Generator txt created conanbuildinfo.txt
conanfile.py (bom2/0.1): Generator cmake created conanbuildinfo.cmake
conanfile.py (bom2/0.1): Aggregating env generators
conanfile.py (bom2/0.1): Generated conaninfo.txt
conanfile.py (bom2/0.1): Generated graphinfo
(venv) E:\flaskbom\4BOM>
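You can then see that these files were generated:
Create a new folder named generate and move the newly generated files into it.
Run: cyclonedx-conan generate > sbom3.json
This is the newly generated file: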
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:6bf43d3d-44c3-4178-8fb3-d7065e45e000",
  "version": 1,
  "metadata": {
    "component": {
      "bom-ref": "unknown@0.0.0",
      "type": "application",
      "name": "unknown",
      "version": "0.0.0"
    }
  },
  "components": [
    {
      "bom-ref": "pkg:conan/bom2@0.1?repository_url=localhost",
      "type": "library",
      "name": "bom2",
      "version": "0.1",
      "purl": "pkg:conan/bom2@0.1?repository_url=localhost"
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:conan/bom2@0.1?repository_url=localhost",
      "dependsOn": []
    }
  ]
}
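
An added example, not part of the original post or of the cyclonedx-conan project: a small Python check over the SBOM shown above that lists what makes this output thin as supply-chain evidence (placeholder metadata.component, a purl with repository_url=localhost, no hashes, dangling dependency refs). The function name audit_sbom and the choice of checks are assumptions made for this illustration.

```python
import json

# The SBOM printed above, as generated by cyclonedx-conan for the bom2/0.1 recipe.
SBOM_TEXT = """
{"bomFormat": "CycloneDX", "specVersion": "1.3",
 "serialNumber": "urn:uuid:6bf43d3d-44c3-4178-8fb3-d7065e45e000", "version": 1,
 "metadata": {"component": {"bom-ref": "unknown@0.0.0", "type": "application",
                            "name": "unknown", "version": "0.0.0"}},
 "components": [{"bom-ref": "pkg:conan/bom2@0.1?repository_url=localhost",
                 "type": "library", "name": "bom2", "version": "0.1",
                 "purl": "pkg:conan/bom2@0.1?repository_url=localhost"}],
 "dependencies": [{"ref": "pkg:conan/bom2@0.1?repository_url=localhost",
                   "dependsOn": []}]}
"""


def audit_sbom(bom):
    """Return findings that weaken the SBOM as supply-chain evidence (hypothetical helper)."""
    findings = []
    if bom.get("bomFormat") != "CycloneDX" or "specVersion" not in bom:
        findings.append("not a CycloneDX document")
    root = bom.get("metadata", {}).get("component", {})
    if root.get("name") in (None, "unknown") or root.get("version") in (None, "0.0.0"):
        findings.append("metadata.component is a placeholder; the BOM does not name its subject")
    components = bom.get("components", [])
    known_refs = {c.get("bom-ref") for c in components} | {root.get("bom-ref")}
    for comp in components:
        label = f"{comp.get('name')}@{comp.get('version')}"
        if not comp.get("purl"):
            findings.append(f"{label}: no purl, hard to match against advisories")
        elif "repository_url=localhost" in comp["purl"]:
            # Heuristic chosen for this example: the purl names no real remote.
            findings.append(f"{label}: purl points at localhost, origin is not recorded")
        if not comp.get("hashes"):
            findings.append(f"{label}: no hashes, artifact integrity cannot be verified")
    for dep in bom.get("dependencies", []):
        for ref in [dep.get("ref"), *dep.get("dependsOn", [])]:
            if ref not in known_refs:
                findings.append(f"dependency graph references unknown bom-ref {ref}")
    return findings


if __name__ == "__main__":
    for finding in audit_sbom(json.loads(SBOM_TEXT)):
        print("-", finding)
```

To check a file on disk instead, pass json.load() of sbom3.json to audit_sbom.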