
You can use Syft [1] which generates the full software bill of materials, which includes package names, licenses for a broad set of tech stack ranging from OS level (Alpine, Debian), through Go, Ruby, Python, Java, JavaScript, etc.

[1] https://github.com/anchore/syft




Since this is about Python specifically, I'll go ahead and highlight `pip-audit`[1] as a specialized tool for generating Python SBOMs and running audits against the official PyPI vulnerability feed.

FD: My company, my work.

[1]: https://github.com/trailofbits/pip-audit
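To show what "auditing an environment against the PyPI vulnerability feed" amounts to, here is an added example that is not code from either thread comment nor from pip-audit or Syft: it takes a constructed list of installed packages and a constructed sample shaped like the per-project `vulnerabilities` list of the PyPI JSON API, and reports packages whose installed version is below the advertised fix. The series-aware comparison is this example's own simplification (it is not pip-audit's matching logic), and all advisory ids and versions are made up.

```python
import re

# Constructed sample of the per-project "vulnerabilities" list returned by the
# PyPI JSON API (the feed pip-audit queries). Every value here is made up.
SAMPLE_FEED = {
    "requests": [{"id": "PYSEC-EXAMPLE-0001", "aliases": ["CVE-EXAMPLE-0001"],
                  "fixed_in": ["2.31.0"], "details": "constructed entry"}],
    "urllib3": [{"id": "PYSEC-EXAMPLE-0002", "aliases": [],
                 "fixed_in": ["1.26.18", "2.0.7"], "details": "constructed entry"}],
}

# Constructed stand-in for the installed environment (what `pip freeze` or an
# SBOM from Syft/pip-audit would enumerate): package name -> installed version.
SAMPLE_ENV = {"requests": "2.28.1", "urllib3": "2.0.7", "idna": "3.4"}


def parse_version(text):
    """Reduce a version string to a tuple of ints (release segment only; this
    simplification ignores PEP 440 pre/post/dev suffixes)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_affected(installed, fixed_in):
    """Heuristic used by this example (a simplification, not pip-audit's code):
    compare against fixes on the installed major series when any exist, else
    against the lowest fix overall. No fixed_in at all means still affected."""
    inst = parse_version(installed)
    fixes = [parse_version(f) for f in fixed_in]
    if not fixes:
        return True
    same_series = [f for f in fixes if f[0] == inst[0]]
    if same_series:
        return all(inst < f for f in same_series)
    return inst < min(fixes)


def audit(environment, feed):
    """Return (package, version, advisory id, aliases) for every match."""
    findings = []
    for name, version in sorted(environment.items()):
        for vuln in feed.get(name, []):
            if is_affected(version, vuln.get("fixed_in", [])):
                findings.append((name, version, vuln["id"],
                                 tuple(vuln.get("aliases", []))))
    return findings


if __name__ == "__main__":
    for name, version, vid, aliases in audit(SAMPLE_ENV, SAMPLE_FEED):
        print(f"{name} {version}: {vid} {' '.join(aliases)}".rstrip())
```

With the constructed inputs only `requests 2.28.1` is reported; a real audit would fetch the feed per package and, unlike this simplification, parse full PEP 440 versions.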



