nix2sbom extracts the SBOM (Software Bill of Materials) from a Nix derivation

Related tags

Command-line nix nixos sbom cyclonedx sbom-generator
Overview

nix2sbom

github Build Status dependency status License file

nix2sbom extracts the SBOM (Software Bill of Materials) from a Nix derivation

đź“š Documentation for using nix2sbom is here

Warning
This repo is still a work-in-progress. The command-line options and command names might change significantly until the project reaches version 1.0.0.

Features

  • Supports CycloneDX 1.4 format
  • Supports JSON and YAML serialization formats
  • Generates a SBOM for your current NixOS system
  • Detects and handles patches
  • Discovers git URLs (using archive URLs)

Installing

With Nix

Assuming that you have enabled both the flakes and nix-command experimental features:

nix profile install github:louib/nix2sbom

With Cargo

cargo install --path .
Comments
  • Invalid type error when parsing metadata for packages

    Invalid type error when parsing metadata for packages

    I just wanted to try this out but got this:

    $ nix run "https://flakehub.com/f/louib/nix2sbom/0.1.66.tar.gz" -
[00:00:00.000] (7f113f94a7c0) INFO   Getting the derivations from the current system.
[00:00:02.061] (7f113f94a7c0) INFO   Found 14271 derivations
[00:00:02.061] (7f113f94a7c0) INFO   Getting the metadata for packages in the Nix store
Error: "invalid type: map, expected a string at line 493167 column 10"
    opened by NorfairKing 9
  • Support CycloneDX dependencies

    Support CycloneDX dependencies

    We currently do not represent the dependency relationships between the components. See https://docs.rs/serde-cyclonedx/latest/serde_cyclonedx/cyclonedx/v_1_4/struct.CycloneDxBuilder.html#method.dependencies

    opened by louib 0
  • Error:

    Error: "data did not match any variant of untagged enum PackageMaintainers at line 2361 column 7"

    Saw your flake on FlakeHub and thought I would give it a go. I added it to my config and tried running:

    nix2sbom --current-system

    and I got the following error:

    [00:00:00.000] (7f28fe0877c0) INFO   Getting the derivations from the current system.
[00:00:01.197] (7f28fe0877c0) INFO   Found 10375 derivations
[00:00:01.197] (7f28fe0877c0) INFO   Getting the metadata for packages in the Nix store
Error: "data did not match any variant of untagged enum PackageMaintainers at line 2361 column 7"

    I tried some more things and got the same or similar looking errors:

    ╭─mcamp on butler in ~/code/campground-nvim on master🔥
╰─🚧 nix2sbom -f .#
[00:00:00.000] (7fc8d82b47c0) INFO   Getting the derivations from file .#.
[00:00:02.779] (7fc8d82b47c0) INFO   Found 4344 derivations
[00:00:02.779] (7fc8d82b47c0) INFO   Getting the metadata for packages in the Nix store
Error: "data did not match any variant of untagged enum PackageMaintainers at line 2361 column 7"
╭─mcamp on butler in ~/code/campground-nvim on master🔥
╰─🚧 cd ../vault-secrets 
╭─mcamp on butler in ~/code/vault-secrets on main✔️
╰─🚧 nix2sbom -f .#     
[00:00:00.000] (7f0a885e47c0) INFO   Getting the derivations from file .#.
[00:00:00.448] (7f0a885e47c0) INFO   Found 654 derivations
[00:00:00.448] (7f0a885e47c0) INFO   Getting the metadata for packages in the Nix store
Error: "data did not match any variant of untagged enum PackageMaintainers at line 2361 column 7"

    campground-nvim and vault-secrets are flakes of mine, the nvim one is based on nixvim and the other is a simple shell script flake I was playing with the other night.

    I very well might be doing something dumb, because I only marginally know what I'm doing. So if I am way out in left field let me know..

    opened by usmcamp0811 0
  • Improve PURL detection

    Improve PURL detection

    For example, packages coming from cargo should use the cargo scope, packages from npm the npm scope, etc. Only packages that are not coming from a package manager should use the nix scope.

    opened by louib 0
  • Implement filtering by dependency type

    Implement filtering by dependency type

    We could filter the dependencies by type (build-time VS run-time), and add a CLI option to only generate the SBOM for the build-time or run-time dependencies.

    opened by louib 0
  • Update CyloneDX version to 1.5

    Update CyloneDX version to 1.5

    The project is currently using the 1.4 version, but the 1.5 version is already available and is supported by the serde_cyclonedx crate. We could also support both and add a CLI flag to toggle between 1.4 and 1.5.

    help wanted 
    opened by louib 0
Owner
null
GitHub
A `nix` and `nix-shell` wrapper for shells other than `bash`

nix-your-shell A nix and nix-shell wrapper for shells other than bash. nix develop and nix-shell use bash as the default shell, so nix-your-shell prin

Mercury 15 Apr 10, 2023
Progress In Nix - Pacman inspired frontend for Nix

Progress In Nix Pinix is a Pacman inspired frontend for Nix. It wraps a regular Nix command and replaces the output with a more modern and informative

Rémi Dupré 23 Mar 9, 2024
CLI tool that extracts a regex pattern from a list of urls ( Rust )

rextract CLI tool that extracts a regex pattern from a list of urls. The tool is written in Rust and supports PCRE. Installation Step 1: Visit https:/

null 45 Dec 11, 2022
A simple gtk4/libadwaita software center to easily install and manage nix packages

Nix Software Center A graphical app store for Nix built with libadwaita, GTK4, and Relm4. Heavily inspired by GNOME Software. Features Install package

Victor Fuentes 169 Dec 30, 2022
A comprehensive collection of resources and learning materials for Rust programming, empowering developers to explore and master the modern, safe, and blazingly fast language.

?? Awesome Rust Lang ⛰️ Project Description : Welcome to the Awesome Rust Lang repository! This is a comprehensive collection of resources for Rust, a

Shubham Raj 16 May 29, 2023
Dog command for *nix systems, Rust port of dog.

dog-rs Dog command for *nix systems, Rust port of dog. Because there is a cat command, should be a dog command too. It was written completely using VS

Juanjo Salvador 2 Sep 29, 2021
A flexible simple theme manager for *nix systems

tema A theme manager for *nix systems respecting the FHS spec configuration As of now all the configuration is done via $XDG_CONFIG_HOME/tema/config.y

lb06 2 Sep 23, 2022
rpsc is a *nix command line tool to quickly search for file systems items matching varied criterions like permissions, extended attributes and much more.

rpsc rpsc is a *nix command line tool to quickly search for file systems items matching varied criterions like permissions, extended attributes and mu

null 3 Dec 15, 2022
Generate Nix packages from URLs

Generate Nix packages from URLs with hash prefetching, dependency inference, license detection, and more

Nix community projects 130 Feb 5, 2023
Downloads and provides debug symbols and source code for nix derivations to gdb and other debuginfod-capable debuggers as needed.

nixseparatedebuginfod Downloads and provides debug symbols and source code for nix derivations to gdb and other debuginfod-capable debuggers as needed

Guillaume Girol 16 Mar 6, 2023
A natural language shell interface for *nix systems

Orphic A natural language shell interface for *nix systems. Overview Orphic is a CLI tool that uses GPT to translate complex tasks into shell commands

Will Savage 42 Mar 29, 2023
A Nix template for full-stack web apps in Rust using Leptos

leptos-fullstack A Nix template for full-stack web apps in Rust using Leptos. Tech used: Leptos full-stack framework server functions ssr + hydration

Sridhar Ratnakumar 6 Aug 4, 2023
The official CLI for FlakeHub: search for flakes, and add new inputs to your Nix flake.

fh, the official FlakeHub CLI fh is a scrappy CLI for searching FlakeHub and adding new inputs to your Nix flakes. Usage Using fh from FlakeHub: nix s

Determinate Systems 35 Oct 11, 2023
A CLI tool to deduplicate your Nix flake's inputs as if you added `inputs.*.inputs.*.follows = "*"` everywhere.

Allfollow What is this? Take this flake's inputs, for example. inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; rust-overla

Jacob Birkett 9 Aug 31, 2024
A curated list of replacements for existing software written in Rust

Awesome Alternatives in Rust A curated list of replacements for existing software written in Rust. If you want to contribute, please read CONTRIBUTING

Takayuki Maeda 2.7k Jan 8, 2023
Metaballs (blobs) coded in Rust. 100% software rendering.

Metaballs (blobs) coded in Rust. 100% software rendering. It is basically a Rust version of my old demo effect from the 90s (back then we'd use a fake Phong shading, though).

Maciej Sinilo 7 Dec 4, 2022
Chaos Cat brings destruction and suffering to your software

Chaos Cat brings destruction and suffering to your software. When Chaos Cat is loaded it will randomly make predefined syscalls fail. This tests your software for the the things you might have forgotten to check because operating systems usually Just Work™ and syscalls usually never fail.

Ossi Herrala 2 Oct 8, 2022
Work-in-progress software for managing the Azeron keypad on any operating system.

azeron-cli A small, unfinished CLI application intended to manage the Azeron Cyborg. The code is still in a very messy state and doesn't look very rus

cozyGalvinism 5 Nov 24, 2022
This is a multilingual word learning software.

Ladder This is a multilingual word learning software. How to add words to the software The project contains the words.json file, json contains learn a

Kuil 4 Jan 17, 2023