sbomtools / apt2sbom

apt2sbom python package generates SPDX or CycloneDX files from Ubuntu APT and Python packaging information
BSD 3-Clause "New" or "Revised" License

A possible alternative library for apt #1

Open pombredanne opened 2 years ago

pombredanne commented 2 years ago

This tool is looking very nice... FWIW I maintain this library https://github.com/nexB/debian-inspector that has a different approach, as it can deal with installed Debian packages in a static way, e.g., even if you are not on Debian or when you are trying to get the installed packages from a tarball or a container image. You may find it useful or entertaining!

See it used here https://github.com/nexB/scancode-toolkit/blob/1dfd73a28fed3bdd3bb6554eeda35f52fb3d86f9/src/packagedcode/debian.py#L160
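
Added example, not part of the original comment and not code from debian-inspector or apt2sbom: a standard-library sketch of the static approach described above, reading a dpkg status database as text instead of querying APT on a live Debian host. It assumes the database sits at `var/lib/dpkg/status` inside the unpacked tarball or image layer; the sample content and the function names are constructed for illustration.

```python
# Constructed sample of var/lib/dpkg/status as it might appear in an
# unpacked image layer (not taken from a real system).
SAMPLE_STATUS = """\
Package: libexample1
Status: install ok installed
Architecture: amd64
Version: 1.2.3-4ubuntu1
Description: constructed example library
 Folded continuation line.
 .
 A lone dot stands for a blank line.

Package: removed-tool
Status: deinstall ok config-files
Version: 0.9-1

Package: example-utils
Status: install ok installed
Architecture: all
Version: 2:4.0~rc1-1
"""

def parse_paragraphs(text):
    """Yield one dict per blank-line-separated control paragraph."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():            # blank line ends a paragraph
            if fields:
                yield fields
            fields, last = {}, None
        elif line[0] in " \t":          # folded continuation of previous field
            if last:
                fields[last] += "\n" + line.strip()
        elif ":" in line:               # split on the first colon only, so an
            name, _, value = line.partition(":")   # epoch like "2:4.0" survives
            last = name.strip().lower()
            fields[last] = value.strip()
    if fields:
        yield fields

def installed_packages(status_text):
    """Return (name, version, arch) for packages dpkg marks as installed."""
    result = []
    for para in parse_paragraphs(status_text):
        state = para.get("status", "").split()   # want, error flag, state
        if len(state) == 3 and state[2] == "installed" and "package" in para:
            keys = ("package", "version", "architecture")
            result.append(tuple(para.get(k, "") for k in keys))
    return result
```

Packages left in the `config-files` state are skipped, so an SBOM built from this list covers only what is actually unpacked in the image.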

elear commented 2 years ago

Thanks for this pointer. Is there additional documentation on the inspector?

pombredanne commented 2 years ago

@elear there is no additional documentation beyond the code docs, a decent battery of tests and its usage in ScanCode. I crafted https://github.com/nexB/debian-inspector/issues/24