anthonyharrison / sbom4python

A tool to generate an SBOM (Software Bill of Materials) for an installed Python module
Apache License 2.0

Pass `requirements.txt`? #15

Closed vpetersson closed 3 weeks ago

vpetersson commented 2 months ago

Perhaps I'm missing something here, but wouldn't a natural use case for this be to pass a requirements.txt file as the list of dependencies for a product/project?

As far as I can tell, you can only pass on a Python module. I know you can (maybe should?) write modern Python apps as modules, but that's probably not the most common way to do it in the real world.

anthonyharrison commented 1 month ago

@vpetersson The aim of sbom4python is to generate an SBOM for an installed Python module (equivalent to a deployed SBOM). This provides the exact versions of all the modules which are required (including the transitive versions) as this fully resolves all dependencies which are required.

The requirements.txt may contain dependencies which are not required and does not determine the precise version of the component to be installed.

There are other Python SBOM generators which use requirements.txt, but these will often not identify the version of a component or the transitive dependencies (I consider an SBOM generated using requirements.txt as a source SBOM).
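
The distinction drawn in the comment above (a requirements.txt "source" view versus an installed-environment "deployed" view) is illustrated by the following added example. It is editorial example code, not part of sbom4python: it parses a constructed requirements.txt to show which entries actually pin an exact version, and separately walks the installed distributions' metadata via the standard library `importlib.metadata` to produce the fully resolved transitive closure. The requirements parsing is simplified (it ignores URL and editable requirements and treats only a lone `==` clause as pinned), and the `extra ==` marker filtering is a heuristic; the `lookup` parameter exists so the resolver can be exercised against a constructed index when no real packages are installed.

```python
"""Source view (requirements.txt) vs deployed view (installed metadata).
Added example, not project code; simplifications are noted in comments."""
import re
from importlib import metadata

# Constructed sample requirements.txt; names and specifiers are illustrative.
SAMPLE_REQUIREMENTS = """\
# web stack
requests>=2.28        # unpinned: any 2.28 or newer may be installed
urllib3==1.26.18      # pinned: exact version is known up front
rich                  # no specifier at all
pytest ; python_version < "3.12"   # environment marker, no specifier
-r dev.txt            # option line, not a requirement
"""

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")
_PINNED_RE = re.compile(r"==\s*[^*,]+")   # a single '==x.y.z' clause, no wildcard


def parse_requirements(text):
    """Return a list of (name, specifier, pinned) for each requirement line.

    Blank lines, comments and option lines (-r, -e, --index-url ...) are skipped;
    inline comments and environment markers are dropped from the specifier.
    Simplification: URL and editable requirements are not handled.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = _NAME_RE.match(line)
        if not match:
            continue
        name, spec = match.group(1).lower(), match.group(3).strip()
        pinned = _PINNED_RE.fullmatch(spec) is not None
        entries.append((name, spec, pinned))
    return entries


def _req_name(req_string):
    """Extract the distribution name from a Requires-Dist string such as
    'charset-normalizer<4,>=2' or 'PySocks!=1.5.7; extra == "socks"'."""
    return re.split(r"[\s;\[(<>=!~]", req_string.strip(), maxsplit=1)[0].lower()


def installed_lookup(name):
    """Look up an installed distribution and return (version, [dependency names]),
    or None if it is not installed. Heuristic: requirements carrying an
    'extra ==' marker are ignored because they are only pulled in on request."""
    try:
        dist = metadata.distribution(name)
    except metadata.PackageNotFoundError:
        return None
    deps = [_req_name(r) for r in (dist.requires or []) if "extra ==" not in r]
    return dist.version, deps


def resolve_installed(roots, lookup=installed_lookup):
    """Walk installed metadata from the given root names.

    Returns ({name: exact_version} for the full transitive closure, i.e. the
    deployed view, and a list of names that are not installed at all).
    """
    resolved, missing, todo = {}, [], list(roots)
    while todo:
        name = todo.pop().lower()
        if name in resolved or name in missing:
            continue
        info = lookup(name)
        if info is None:
            missing.append(name)
            continue
        version, deps = info
        resolved[name] = version
        todo.extend(deps)
    return resolved, missing


if __name__ == "__main__":
    entries = parse_requirements(SAMPLE_REQUIREMENTS)
    print("Source view (requirements.txt):")
    for name, spec, pinned in entries:
        print(f"  {name:10} {spec or '<any>':12} {'pinned' if pinned else 'NOT pinned'}")
    resolved, missing = resolve_installed([e[0] for e in entries])
    print("\nDeployed view (installed, transitive closure):")
    for name, version in sorted(resolved.items()):
        print(f"  {name}=={version}")
    if missing:
        print("  not installed here:", ", ".join(missing))
```

Only the pinned `urllib3` line in the sample carries an exact version in the source view; the deployed view, by contrast, yields one concrete version for every distribution it reaches, including dependencies that never appear in the requirements file.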

anthonyharrison commented 3 weeks ago

Now supported from Version 0.11.0

vpetersson commented 3 weeks ago

Thanks!