Generating an SBOM with cyclonedx-conan and Conan

Contents

      • 1. Installation
      • 2. Generating the SBOM file

1. Installation

Project: https://github.com/CycloneDX/cyclonedx-conan
Install with:

pip install cyclonedx-conan  # this also installs a number of dependencies
(venv) E:\flaskbom\4BOM>pip list
Package            Version
------------------ --------
bottle             0.12.25
certifi            2023.5.7
charset-normalizer 3.2.0
colorama           0.4.6
conan              1.41.0
cyclonedx-conan    0.2.0
setuptools         68.0.0
six                1.16.0
tqdm               4.65.0
urllib3            1.26.16
wheel              0.40.0

2. Generating the SBOM file

 conan new bom1/0.1 -t  # generates conanfile.py
 conan install .  
 cyclonedx-conan generate > sbom.json
(venv) E:\flaskbom\4BOM>  conan new bom2/0.1 -t 
File saved: conanfile.py
File saved: test_package/CMakeLists.txt
File saved: test_package/conanfile.py  
File saved: test_package/example.cpp   

Running conan install . fails with the error: ERROR: bom2/0.1: 'settings.compiler.cppstd' value not defined. When this happens, conanfile.py has to be changed.

(venv) E:\flaskbom\4BOM>conan install .                      
Configuration:
[settings]
compiler.runtime_type=Release
compiler.version=19.3
os=Windows
os_build=Windows
[options]
[build_requires]
[env]

ERROR: bom2/0.1: 'settings.compiler.cppstd' value not defined

The file to change is conanfile.py in the root directory.
Add the following:

    def configure(self):
        if self.settings.compiler == "msvc":
            self.settings.compiler.cppstd = "17"
            self.settings.compiler.runtime = "dynamic" #'static'#str(int(time.time()))

Complete file:

from conans import ConanFile, CMake, tools
import time

class SecClientConan(ConanFile):
    name = "secClient"
    version = "0.1"
    license = ""
    author = " "
    url = ""
    description = ""
    topics = ("", "", "")
    settings = "os", "compiler", "build_type", "arch"
    options = {"shared": [True, False], "fPIC": [True, False]}
    default_options = {"shared": False, "fPIC": True}
    generators = "cmake"

    def config_options(self):
        if self.settings.os == "Windows":
            del self.options.fPIC

    def source(self):
        self.run("git clone https://github.com/conan-io/hello.git")
        # This small hack might be useful to guarantee proper /MT /MD linkage
        # in MSVC if the packaged project doesn't have variables to set it
        # properly
        tools.replace_in_file("hello/CMakeLists.txt", "PROJECT(HelloWorld)",
                              '''PROJECT(HelloWorld)
include(${CMAKE_BINARY_DIR}/conanbuildinfo.cmake)
conan_basic_setup()''')

    def build(self):
        cmake = CMake(self)
        cmake.configure(source_folder="hello")
        cmake.build()

        # Explicit way:
        # self.run('cmake %s/hello %s'
        #          % (self.source_folder, cmake.command_line))
        # self.run("cmake --build . %s" % cmake.build_config)

    def package(self):
        self.copy("*.h", dst="include", src="hello")
        self.copy("*hello.lib", dst="lib", keep_path=False)
        self.copy("*.dll", dst="bin", keep_path=False)
        self.copy("*.so", dst="lib", keep_path=False)
        self.copy("*.dylib", dst="lib", keep_path=False)
        self.copy("*.a", dst="lib", keep_path=False)

    def package_info(self):
        self.cpp_info.libs = ["hello"]

    def configure(self):
        if self.settings.compiler == "msvc":
            self.settings.compiler.cppstd = "17"
            self.settings.compiler.runtime = "dynamic" #'static'#str(int(time.time()))


Output of conan install .:

(venv) E:\flaskbom\4BOM>conan install .
Configuration:
[settings]                   
arch=x86_64                  
arch_build=x86_64            
[env]

conanfile.py (bom2/0.1): Installing package
Requirements
Packages

Installing (downloading, building) binaries...
conanfile.py (bom2/0.1): Generator txt created conanbuildinfo.txt
conanfile.py (bom2/0.1): Generator cmake created conanbuildinfo.cmake
conanfile.py (bom2/0.1): Aggregating env generators
conanfile.py (bom2/0.1): Generated conaninfo.txt
conanfile.py (bom2/0.1): Generated graphinfo

(venv) E:\flaskbom\4BOM>

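You can then see that these files were generated:
[Screenshot: the generated files]
Create a new folder named generate and move the newly generated files into it.
Run: cyclonedx-conan generate >sbom3.json
This is the newly generated file: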

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:6bf43d3d-44c3-4178-8fb3-d7065e45e000",
  "version": 1,
  "metadata": {
    "component": {
      "bom-ref": "unknown@0.0.0",
      "type": "application",
      "name": "unknown",
      "version": "0.0.0"
    }
  },
  "components": [
    {
      "bom-ref": "pkg:conan/bom2@0.1?repository_url=localhost",
      "type": "library",
      "name": "bom2",
      "version": "0.1",
      "purl": "pkg:conan/bom2@0.1?repository_url=localhost"
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:conan/bom2@0.1?repository_url=localhost",
      "dependsOn": []
    }
  ]
}
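
The SBOM above contains only the project itself, a root component named unknown 0.0.0, and an empty dependsOn list, so it is worth checking a generated file before relying on it. The following is an added example, not part of the original post or of cyclonedx-conan: review_sbom is a hypothetical helper, the sample is constructed from the output shown above, and flagging repository_url=localhost as a finding is an assumption about what that value signifies.

```python
import json

# Constructed sample modelled on the sbom3.json output shown above.
SAMPLE = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.3",
  "metadata": {"component": {"bom-ref": "unknown@0.0.0", "type": "application",
                             "name": "unknown", "version": "0.0.0"}},
  "components": [
    {"bom-ref": "pkg:conan/bom2@0.1?repository_url=localhost", "type": "library",
     "name": "bom2", "version": "0.1",
     "purl": "pkg:conan/bom2@0.1?repository_url=localhost"}],
  "dependencies": [
    {"ref": "pkg:conan/bom2@0.1?repository_url=localhost", "dependsOn": []}]
}""")


def review_sbom(bom):
    """Return a list of findings for a CycloneDX JSON document (hypothetical helper)."""
    findings = []
    if bom.get("bomFormat") != "CycloneDX":
        findings.append("not a CycloneDX document")
    # A placeholder root component means the SBOM does not identify the product.
    root = bom.get("metadata", {}).get("component", {})
    if root.get("name") == "unknown" or root.get("version") == "0.0.0":
        findings.append("root component is a placeholder (unknown/0.0.0)")
    components = bom.get("components", [])
    known = {c.get("bom-ref") for c in components} | {root.get("bom-ref")}
    for c in components:
        label = "%s@%s" % (c.get("name"), c.get("version"))
        purl = c.get("purl", "")
        if not purl:
            findings.append("component %s has no purl" % label)
        elif "repository_url=localhost" in purl:  # assumption: no remote origin recorded
            findings.append("component %s: purl repository_url is localhost" % label)
    deps = bom.get("dependencies", [])
    # Every ref in the dependency graph must resolve to a listed component.
    for d in deps:
        for ref in [d.get("ref")] + (d.get("dependsOn") or []):
            if ref not in known:
                findings.append("dependency graph references unknown ref %s" % ref)
    if not any(d.get("dependsOn") for d in deps):
        findings.append("no dependency edges recorded")
    return findings


if __name__ == "__main__":
    for finding in review_sbom(SAMPLE):
        print("-", finding)
```

To check a real file, load it with json.load and pass the result to review_sbom.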
