Skip to content

dineshr93/sq

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits
.vscode
.vscode
 
 
cmd
cmd
 
 
model
model
 
 
screenshots
screenshots
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

sq

SPDX Query, Making SPDX (2.2 & 2.3) JSON Files human readable

Note for newbies: SPDX is a format where sw entities discloses what open source libraries they have used in building their software. Security expers and legal compliance experts uses this data to check if they have any license issues or security vulnerability is there..

https://en.m.wikipedia.org/wiki/Software_Package_Data_Exchange

Docker image

docker pull dineshr93/sq:1.0

Load alias

alias dr='docker run'
alias p='echo ${PWD}'
alias sq='dr -v ${PWD}:${PWD} dineshr93/sq:1.0'

command

sq -c $(p)/ubuntu20.04.spdx.json -h

example

sq -c $(p)/ubuntu20.04.spdx.json pkgs 5

Description

A binary to query the spdx-sboms-JSON results.

By default uses $HOME/sbom.spdx.json file to load the data. (you can pass custom *.spdx.json file using --config option any time)

Sample

Display meta data with sq meta option Sample

If --config option is not passed it will detect & load first spdx json file automatically Display pkgs list with sq pkgs option Sample

limit pkgs with sq pkgs NUMBER option Sample

Display files list with sq files option Sample

Display spdx relationships table and list with sq rels option Sample

Display spdx relationships list with sq rels dig option Sample

Display IP Details list with sq pkgs ip option Sample

Getting Started

Contains following commands

    1. List Meta data (sq meta)
    2. List Files(sq files)
    3. List Packages (sq pkgs)
    4. List Relationships (sq rels)
    5. List pkgs and files in Relationships`(sq rels dig)

Dependencies

  • Cobra
  • Viper
  • Simple table

Installing

Choose appropriate (binary Releases)[https://github.com/dineshr93/sq/releases]

  • Rename the binary to 'sq'.
  • Add the binary to your environment path and use it.

How to run

  • How to run the program
>sq -h
A SBOM Query CLI (for issue -> https://github.com/dineshr93/sq/issues)

        1. List Meta data (sq meta)
        2. List Files (sq files)
        3. List Packages (sq pkgs)
        4. List Relationships (sq rels)
        5. List pkgs and files in Relationships (sq rels dig)

Usage:
  sq [command]

Available Commands:
  files       Command to list files section
  help        Help about any command
  meta        Meta data of the spdx file
  pkgs        Command to list pkgs section
  rels        Lists Relationships

Flags:
      --config string   config file (default is $HOME/.sq.yaml)
  -h, --help            help for sq
  -t, --toggle          Help message for toggle

Use "sq [command] --help" for more information about a command.
================================================================
Alternatively if UI is small to fit every thing, you can save the output to the file

sq meta > sbom-meta.txt
sq files > sbom-files.txt
sq pkgs > sbom-pkgs.txt
sq rels > sbom-rels.txt

Authors

Dinesh Ravi

Version History

  • 1.0.0
    • Initial Release

License

This project is licensed under the Apache License 2.0 - see the Apache-2.0 file for details

Acknowledgments

About

An SPDX Querying Binary

Topics

sbom sbom-tool

Resources

Readme

License

Apache-2.0 license
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 9

2.0.5 Latest
Apr 4, 2023
8 releases

Packages

No packages published

Languages