sbom4python
A tool to generate a SBOM (Software Bill of Materials) for an installed Python module
When running `sbom4python` against my project, I am getting an exception thrown. It looks like the PyPI package in question doesn't have `repo_metadata` filled out (NoneType). I debated opening a...
## Description

The current `process_setup_py()` method only detects dependencies wrapped in quotes within list syntax:

```python
install_requires = ["django==4.2.23", "CairoSVG==2.7.1"]
```

However, many Python projects define dependencies using multiline strings followed by...
## Bug Description

The `--python` parameter doesn't work when using tilde (`~`) expansion in file paths.

## Steps to Reproduce

```
sbom4python --use-pip --python ~/path/to/venv/bin/python3.9 --system --sbom cyclonedx --format json --output-file...
```
I used `sbom4python -r pyproject.toml -o sbom-spdx.json --sbom cyclonedx` and found it to not include the transitive dependencies. Running instead: `pip-compile -o requirements.txt ./pyproject.toml` and then `sbom4python -r requirements.txt -o...