sbom4python icon indicating copy to clipboard operation
sbom4python copied to clipboard
verified publisher icon anthonyharrison

`--python` parameter doesn't work when using tilde (`~`) expansion in file path

Open HalaAli198 opened this issue 4 months ago • 1 comments

Bug Description

The --python parameter doesn't work when using tilde (~) expansion in file paths.

Steps to Reproduce

sbom4python --use-pip --python ~/path/to/venv/bin/python3.9 --system --sbom cyclonedx --format json --output-file test.json

Expected Behavior

Should use the specified Python interpreter from the virtual environment and scan packages installed in that environment.

Actual Behavior

Ignores the --python parameter and uses system Python instead, scanning system-wide packages rather than the virtual environment packages.

Root Cause

In SBOMScanner.__init__(), line 67: self.python_path =[+] pathlib.Path(python_path)[/+][-] pathlib.Path(python_path[/-] The pathlib.Pathconstructor doesn't expand ~, soself.python_path.exists()returns False inrun_pip_cmd(), causing the --python` parameter to be skipped.

Suggested Fix

pythonself.python_path = pathlib.Path(python_path).expanduser()

Workaround

Use absolute paths instead of tilde paths: bashsbom4python --use-pip --python /home/user/path/to/venv/bin/python3.9 --system

Environment

sbom4python version: 0.12.4 OS: Ubuntu

HalaAli198 avatar Aug 20 '25 15:08 HalaAli198

Thanks for finding this @HalaAli198

tilde paths do work for other parameters e.g. for the --output parameter.

anthonyharrison avatar Oct 02 '25 11:10 anthonyharrison