Re: SPDX Generator with RefIDs and package hierarchy

Anthony Harrison


Have a look at SBOM4Python which generates an SBOM for an installed python module including all of its dependencies (direct or indirect). And look at SBOM2dot which generates a DOT file for producing a graph of the dependencies.

Both applications are available on PyPI.



On Thu, 9 Mar 2023, 19:51 , <daniel@...> wrote:
I feel like I'm missing something obvious here, but which SBOM generators actually generate SPDX SBOMs that (1) have refIDs for the overall asset (documentDescribes), and (2) have package dependency hierarchy information, i.e. something that I could use to build a tree visualization of how the software dependencies are introduced into the main piece of software?
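To make the two requirements in the question concrete, here is an added example (not code from this thread, and not the implementation of SBOM4Python or SBOM2dot) showing where both pieces of information live in an SPDX 2.3 JSON document and how to walk them into a tree and a DOT graph. The SBOM embedded below is constructed for illustration; the package names and versions are placeholders, not the output of any real generator. The "overall asset" is whatever `documentDescribes` (or a `DESCRIBES` relationship from `SPDXRef-DOCUMENT`) points at; the hierarchy comes from `DEPENDS_ON` relationships (or their `DEPENDENCY_OF` inverse, which SPDX also permits). The walker keeps the current path so a malformed SBOM with a dependency cycle cannot send it into infinite recursion.

```python
"""Walk SPDX 2.3 JSON relationships into a dependency tree and a DOT graph."""
import json
from collections import defaultdict

# Constructed sample SBOM (not the output of any real tool): an application
# "webapp" depends on "requests", which depends on "urllib3" and "certifi".
# All names, versions and the namespace URL are hypothetical.
SAMPLE_SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "webapp-sbom",
    "documentNamespace": "https://example.invalid/spdx/webapp-sbom",
    "creationInfo": {"created": "2023-03-09T19:51:00Z",
                     "creators": ["Tool: example-generator"]},
    # (1) refID for the overall asset the document describes
    "documentDescribes": ["SPDXRef-Package-webapp"],
    "packages": [
        {"name": "webapp", "SPDXID": "SPDXRef-Package-webapp",
         "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION"},
        {"name": "requests", "SPDXID": "SPDXRef-Package-requests",
         "versionInfo": "2.28.2", "downloadLocation": "NOASSERTION"},
        {"name": "urllib3", "SPDXID": "SPDXRef-Package-urllib3",
         "versionInfo": "1.26.14", "downloadLocation": "NOASSERTION"},
        {"name": "certifi", "SPDXID": "SPDXRef-Package-certifi",
         "versionInfo": "2022.12.7", "downloadLocation": "NOASSERTION"},
    ],
    # (2) the dependency hierarchy, one relationship per edge
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-Package-webapp"},
        {"spdxElementId": "SPDXRef-Package-webapp", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-requests"},
        {"spdxElementId": "SPDXRef-Package-requests", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-urllib3"},
        {"spdxElementId": "SPDXRef-Package-requests", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-certifi"},
    ],
})


def load_graph(spdx_json):
    """Return (roots, edges, labels) from an SPDX 2.3 JSON string.

    roots:  SPDXIDs listed in documentDescribes or targeted by a DESCRIBES
            relationship from SPDXRef-DOCUMENT (the two encodings are equivalent)
    edges:  parent SPDXID -> list of child SPDXIDs, from DEPENDS_ON and from
            the inverse DEPENDENCY_OF
    labels: SPDXID -> "name@version" for display
    """
    doc = json.loads(spdx_json)
    labels = {p["SPDXID"]: f'{p["name"]}@{p.get("versionInfo", "?")}'
              for p in doc.get("packages", [])}
    roots = list(doc.get("documentDescribes", []))
    edges = defaultdict(list)
    for rel in doc.get("relationships", []):
        src, kind, dst = (rel["spdxElementId"], rel["relationshipType"],
                          rel["relatedSpdxElement"])
        if kind == "DESCRIBES" and src == "SPDXRef-DOCUMENT" and dst not in roots:
            roots.append(dst)
        elif kind == "DEPENDS_ON":
            edges[src].append(dst)
        elif kind == "DEPENDENCY_OF":
            edges[dst].append(src)
    return roots, dict(edges), labels


def dependency_tree(spdx_json):
    """Nested dict {label: {child_label: {...}}} rooted at the described packages.

    The set of SPDXIDs on the current path guards against cyclic relationship
    data, which malformed SBOMs do contain; a cycle is reported as a leaf."""
    roots, edges, labels = load_graph(spdx_json)

    def expand(spdx_id, path):
        children = {}
        for child in edges.get(spdx_id, []):
            if child in path:
                children[labels.get(child, child) + " (cycle)"] = {}
                continue
            children[labels.get(child, child)] = expand(child, path | {child})
        return children

    return {labels.get(r, r): expand(r, {r}) for r in roots}


def to_dot(spdx_json):
    """Render the dependency graph as Graphviz DOT text; described roots are boxes."""
    roots, edges, labels = load_graph(spdx_json)
    lines = ["digraph sbom {"]
    for spdx_id, label in labels.items():
        shape = "box" if spdx_id in roots else "ellipse"
        lines.append(f'  "{spdx_id}" [label="{label}", shape={shape}];')
    for src, dsts in edges.items():
        for dst in dsts:
            lines.append(f'  "{src}" -> "{dst}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(json.dumps(dependency_tree(SAMPLE_SPDX_JSON), indent=2))
    print(to_dot(SAMPLE_SPDX_JSON))
```

Feed the DOT output to `dot -Tsvg` to get the tree picture the question asks about. A generator that omits the `DEPENDS_ON` relationships yields a flat package list here, which is a quick way to check whether a given tool actually records the hierarchy.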

