Diffstat (limited to 'security/py-distro2sbom')
-rw-r--r-- | security/py-distro2sbom/Makefile | 26 | ||||
-rw-r--r-- | security/py-distro2sbom/distinfo | 3 | ||||
-rw-r--r-- | security/py-distro2sbom/pkg-descr | 10 |
3 files changed, 39 insertions, 0 deletions
diff --git a/security/py-distro2sbom/Makefile b/security/py-distro2sbom/Makefile
new file mode 100644
index 000000000000..01cfe2f6630a
--- /dev/null
+++ b/security/py-distro2sbom/Makefile
@@ -0,0 +1,26 @@
+PORTNAME= distro2sbom
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.6.0
+CATEGORIES= security python
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= tuukka.pasanen@ilmi.fi
+COMMENT= Generates SBOM files from system packaging information
+WWW= https://github.com/anthonyharrison/distro2sbom
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= ${PY_SETUPTOOLS} \
+ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR}
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lib4sbom>=0.8.4:security/py-lib4sbom@${PY_FLAVOR}
+
+USES= python
+USE_GITHUB= yes
+GH_ACCOUNT= anthonyharrison
+GH_PROJECT= distro2SBOM
+USE_PYTHON= autoplist concurrent pep517
+
+NO_ARCH= yes
+
+.include <bsd.port.mk>
diff --git a/security/py-distro2sbom/distinfo b/security/py-distro2sbom/distinfo
new file mode 100644
index 000000000000..77fc17d09d58
--- /dev/null
+++ b/security/py-distro2sbom/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1746491634
+SHA256 (anthonyharrison-distro2SBOM-v0.6.0_GH0.tar.gz) = e810bf8bf29bd85f52e8df9221ababc4605affc5b7ea1177c15c580486c13057
+SIZE (anthonyharrison-distro2SBOM-v0.6.0_GH0.tar.gz) = 24911
diff --git a/security/py-distro2sbom/pkg-descr b/security/py-distro2sbom/pkg-descr
new file mode 100644
index 000000000000..4f3c5b3f7bc9
--- /dev/null
+++ b/security/py-distro2sbom/pkg-descr
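Review bot: `RUN_DEPENDS` in the new Makefile lists only `lib4sbom`, and nothing visible in this commit shows that the list was checked against the runtime requirements upstream declares at the v0.6.0 tag. As far as I know a `pep517` build does not by itself verify that runtime requirements are installed, so a missing one would only surface when the tool is run; for an SBOM generator that can mean an incomplete or failed inventory rather than a build error. If upstream declares more, each needs its own entry of the form `${PYTHON_PKGNAMEPREFIX}<name>>=<ver>:<category>/py-<name>@${PY_FLAVOR}` (placeholders). Separately, `WWW` spells the repository `distro2sbom` while `GH_PROJECT` is `distro2SBOM`; `WWW= https://github.com/anthonyharrison/distro2SBOM` would match the repository the distfile is fetched from.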
@@ -0,0 +1,10 @@
+The DISTRO2SBOM generates a SBOM (Software Bill of Materials) for either an
+installed application or a complete system installation in a number of
+formats including SPDX and CycloneDX.
+
+An SBOM for an installed package will identify all of its dependent components.
+
+It is intended to be used as part of a continuous integration system to enable
+accurate records of SBOMs to be maintained and also to support subsequent
+audit needs to determine if a particular component (and version)
+has been used. |