This repo is a place for various scripts & utilities for Spectra Assure, ReversingLabs' software supply chain security product.
- extract_cbom.py - Extracts the cryptography bill of materials (CBOM) from a CycloneDX BOM (v1.6 or greater, JSON format). Output is printed to the console in tabular format, or can be sent to a file with the -o/--output argument.
- create_license_notice_file.py - Creates a license notice file from a CycloneDX SBOM (v1.4 or greater, JSON format). Only components of type "library" are included.
  Required argument: -s/--sbom
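The two BOM scripts above both walk a CycloneDX JSON document, filter on component type and render the result. The following is an added example of that processing, not the repo's own code: it rejects BOMs older than the spec version each output needs, descends into nested `components`, tabulates the CycloneDX 1.6 `cryptographic-asset` entries (algorithm and protocol assets) and builds a notice from the `licenses` of `library` components, covering the `id`, `name` and SPDX `expression` forms as well as a library with no license at all. The sample BOM is constructed inline for illustration; its component names and values are made up.

```python
import json
from typing import Iterator

# Constructed sample BOM (not real data). Field names follow CycloneDX 1.6;
# the component names, versions and values are invented for this example.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "library", "name": "libfoo", "version": "2.1.0",
         "licenses": [{"license": {"id": "MIT"}}],
         "components": [  # nested sub-component, itself a library
             {"type": "library", "name": "libfoo-core", "version": "2.1.0",
              "licenses": [{"expression": "Apache-2.0 OR BSD-3-Clause"}]}]},
        {"type": "application", "name": "tool", "version": "1.0",
         "licenses": [{"license": {"name": "Proprietary"}}]},
        {"type": "library", "name": "mystery", "version": "0.1"},  # no licenses[]
        {"type": "cryptographic-asset", "name": "AES-256-GCM",
         "bom-ref": "crypto/algorithm/aes-256-gcm",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "ae", "mode": "gcm", "parameterSetIdentifier": "256",
             "cryptoFunctions": ["encrypt", "decrypt"], "nistQuantumSecurityLevel": 3}}},
        {"type": "cryptographic-asset", "name": "RSA-2048",
         "bom-ref": "crypto/algorithm/rsa-2048",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "pke", "parameterSetIdentifier": "2048",
             "cryptoFunctions": ["keygen", "sign", "verify"], "nistQuantumSecurityLevel": 0}}},
        {"type": "cryptographic-asset", "name": "TLS",
         "cryptoProperties": {"assetType": "protocol",
                              "protocolProperties": {"type": "tls", "version": "1.3"}}},
    ],
})


def parse_bom(text: str) -> dict:
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    return bom


def require_spec_version(bom: dict, minimum: tuple[int, int]) -> None:
    """Reject BOMs older than `minimum`, e.g. (1, 6) for the CBOM fields."""
    raw = bom.get("specVersion")
    if not raw:
        raise ValueError("BOM has no specVersion")
    if tuple(int(p) for p in raw.split(".")) < minimum:
        raise ValueError(f"CycloneDX {raw} is older than required {minimum[0]}.{minimum[1]}")


def iter_components(bom: dict) -> Iterator[dict]:
    """Yield every component, descending into nested 'components' lists."""
    queue = list(bom.get("components", []))
    while queue:
        comp = queue.pop(0)
        yield comp
        queue.extend(comp.get("components", []))


def extract_cbom(bom: dict) -> list[dict]:
    """One row per cryptographic-asset component; absent fields become ''."""
    require_spec_version(bom, (1, 6))
    rows = []
    for comp in iter_components(bom):
        if comp.get("type") != "cryptographic-asset":
            continue
        props = comp.get("cryptoProperties", {})
        alg = props.get("algorithmProperties", {})
        proto = props.get("protocolProperties", {})
        rows.append({
            "name": comp.get("name", ""),
            "bom-ref": comp.get("bom-ref", ""),
            "assetType": props.get("assetType", ""),
            # algorithms carry a primitive, protocols a type; show whichever applies
            "primitive": alg.get("primitive", proto.get("type", "")),
            "parameterSet": alg.get("parameterSetIdentifier", proto.get("version", "")),
            "functions": ",".join(alg.get("cryptoFunctions", [])),
            "quantumLevel": str(alg.get("nistQuantumSecurityLevel", "")),
        })
    return rows


def format_table(rows: list[dict]) -> str:
    """Fixed-width console table with a header row."""
    if not rows:
        return "(no cryptographic assets found)"
    cols = list(rows[0])
    widths = {c: max(len(c), *(len(r[c]) for r in rows)) for c in cols}

    def line(r: dict) -> str:
        return "  ".join(r[c].ljust(widths[c]) for c in cols)
    return "\n".join([line({c: c for c in cols})] + [line(r) for r in rows])


def license_notice(bom: dict) -> str:
    """Notice text for components of type 'library' only (CycloneDX >= 1.4)."""
    require_spec_version(bom, (1, 4))
    lines = []
    for comp in iter_components(bom):
        if comp.get("type") != "library":
            continue
        names = []
        for entry in comp.get("licenses", []):
            lic = entry.get("license")
            if lic:                        # {"license": {"id": ...}} or {"name": ...}
                names.append(lic.get("id") or lic.get("name") or "unknown")
            elif entry.get("expression"):  # SPDX expression form
                names.append(entry["expression"])
        label = ", ".join(names) if names else "NO LICENSE DECLARED"
        lines.append(f"{comp.get('name', '?')} {comp.get('version', '')}: {label}")
    return "\n".join(lines)


if __name__ == "__main__":
    bom = parse_bom(SAMPLE_BOM)
    print(format_table(extract_cbom(bom)))
    print()
    print(license_notice(bom))
```

The breadth-first walk means top-level components are reported before their nested children, so a library that appears only as a sub-component (libfoo-core above) is still listed; the "NO LICENSE DECLARED" line is deliberate, since silently dropping an unlicensed library is the failure mode a notice file exists to catch.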
The scripts below are for working with the Spectra Assure SaaS Portal. They use the Spectra Assure SDK, which is a Python wrapper for the Portal API.
NOTE: The following environment variables must be set:
RLPORTAL_ACCESS_TOKEN - Portal API token
RLPORTAL_SERVER - Target server on secure.software (typically the customer name)
RLPORTAL_ORG - Name of the organization in Portal
RLPORTAL_GROUP - Name of the group in Portal
- create_project.py - Creates a new project in Portal.
  Required argument: -p/--project
- create_package.py - Creates a new package in Portal under an existing project.
  Required arguments: -p/--project, -k/--package
- create_proj_and_package.py - Creates a new project and a new package in Portal.
  Required arguments: -p/--project, -k/--package
- scan_file.py - Uploads and scans the specified file in Portal.
  Required arguments: -p/--project, -k/--package, -v/--version, -f/--file
- fetch_report.py - Downloads the specified report type for a scanned package. Valid report types are listed on the API documentation page.
  Required arguments: -p/--project, -k/--package, -v/--version, -t/--type
- rescan_all_versions.py - Initiates a rescan of all versions in a package. Only versions that aren't in sync will be rescanned.
  Required arguments: -p/--project, -k/--package
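Every Portal script above shares the same pre-flight: the four RLPORTAL_* variables must be present and the documented -p/-k/-v/-f/-t flags must be parsed before anything is sent to the Portal. The following is an added example of that pre-flight, not the repo's own code and not the Spectra Assure SDK: it fails closed naming every missing variable at once, keeps the access token out of repr() and log output, and checks that the file handed to -f exists before an upload is attempted. The SDK call itself is deliberately left out; `PortalConfig`, `build_parser` and `parse_scan_args` are names chosen for this illustration.

```python
import argparse
import os
from dataclasses import dataclass, field

# The four variables the Portal scripts read (names from this README).
REQUIRED_VARS = ("RLPORTAL_SERVER", "RLPORTAL_ORG", "RLPORTAL_GROUP", "RLPORTAL_ACCESS_TOKEN")

# Flag spellings from the README; each script asks for the subset it needs.
FLAGS = {
    "project": ("-p", "--project"),
    "package": ("-k", "--package"),
    "version": ("-v", "--version"),
    "file": ("-f", "--file"),
    "type": ("-t", "--type"),
}


@dataclass
class PortalConfig:            # illustrative name, not an SDK type
    server: str
    organization: str
    group: str
    token: str = field(repr=False)  # never echo the API token in repr()/logs


def load_portal_config(env=None) -> PortalConfig:
    """Fail closed: report every missing variable at once, values never printed."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_VARS if not env.get(name)]
    if missing:
        raise SystemExit("missing required environment variable(s): " + ", ".join(missing))
    return PortalConfig(server=env["RLPORTAL_SERVER"], organization=env["RLPORTAL_ORG"],
                        group=env["RLPORTAL_GROUP"], token=env["RLPORTAL_ACCESS_TOKEN"])


def build_parser(*required: str) -> argparse.ArgumentParser:
    """Parser with exactly the required flags, e.g. build_parser('project', 'package')."""
    parser = argparse.ArgumentParser()
    for name in required:
        short, long = FLAGS[name]
        parser.add_argument(short, long, required=True)
    return parser


def parse_scan_args(argv: list[str]) -> argparse.Namespace:
    """scan_file.py's contract: -p, -k, -v and -f, with -f checked on disk."""
    args = build_parser("project", "package", "version", "file").parse_args(argv)
    if not os.path.isfile(args.file):
        raise SystemExit(f"file not found: {args.file}")
    return args


if __name__ == "__main__":
    cfg = load_portal_config()          # exits with a clear message if anything is unset
    args = parse_scan_args(None)        # None -> sys.argv[1:]
    print(cfg)                          # token is omitted from the repr
    print(f"would scan {args.file} as {args.project}/{args.package}@{args.version}")
    # ... hand cfg and args to the Spectra Assure SDK client here
```

argparse raises SystemExit for a missing required flag, so a wrapper script gets one consistent exit path for both environment and argument errors; checking the file before touching the Portal avoids creating an empty version record for a path that was mistyped.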