Skip to content

APH10/SbomLensAPI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
apiclient
apiclient
 
 
docs
docs
 
 
tests
tests
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pytest.ini
pytest.ini
 
 
pyvenv.cfg
pyvenv.cfg
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
tox.ini
tox.ini
 
 

Repository files navigation

SBOMLENS CLI

A Python API client library (apiclient) and CLI (sbomlenscli) for interacting with the SBOMLENS REST API. The API requires a valid API key and supports token-based authentication.

Features

  • Status platform check
  • Token authentication with caching and timed expiry
  • File upload via POST
  • Configurable API base URL
  • API key required for all requests
  • CLI (sbomlenscli) for convenience
  • Logging/debug mode

Installation

Clone the repo and install dependencies using the following command:

python -m venv .venv
source .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install -r requirements.txt

For development, use

pip install -e .

The tool requires Python 3 (3.9+). It is recommended to use a virtual python environment especially if you are using different versions of python. virtualenv is a tool for setting up virtual python environments which allows you to have all the dependencies for the tool set up.

Configuration

Copy .env.example and edit as needed:

cp .env.example .env
SBOMLENS_API_KEY – required
SBOMLENS_API_BASE_URL – default: http://127.0.0.1
SBOMLENS_TOKEN_MAX_AGE_DAYS – default: 30

Usage

usage: sbomlenscli [-h] [--base-url BASE_URL] [--api-key API_KEY] [--debug] [--output OUTPUT] [-V] {status,auth,get,post,logout} ...

A CLI utility to interact with the SBOMLens platform

positional arguments:
  {status,auth,get,post,logout}

options:
  -h, --help            show this help message and exit
  --base-url BASE_URL   specify the URL of the SBOMLens platform
  --api-key API_KEY     specify API Key to use the SBOMLens platform
  --debug               show debug information
  --output OUTPUT       output filename (default: output to stdout)
  -V, --version         show program's version number and exit

For support send email to [email protected]

Quick Start

The following exmaples assume that the environment variables have been set. If not, add '--apikey xxxxx' to each command to specify the API key and ''--base-ul yyyyy' to specify the platform address.

Check System Status

This command should be used to confirm that the SBOMLens platform is available.

sbomlenscli status

A typical response is:

{
  "status": "ok",
  "timestamp": "22 Sep 2025 18:20:42",
  "version": "0.1.8",
  "uptime": "0 days 01 hours 38 minutes 05 seconds"
}

If the platform is not available or accessible, an error will be returned.

[ERROR] Unable to perform request

Authentication

Before any interaction with the SBOMLens platform, a valid user needs to authenticate with the platform. If a user is already authenticated with the platform, this request to authenticate will replace the currently authenictaed user.

Once authenticated, a token is stored on the system for a period of up to 30 days (the default).

sbomlenscli auth username password

If the username and password are valid, the client will be logged in.

If the username and/or password are not valid, the following error will be returned

ERROR:apiclient.client:API error 401: {'message': 'Bad username or password'}

Retrieve Data

The general formatof a request to retrieve data is

sbomlenscli get <endpoint>

The following endpoints are supported

Endpoint Parameter Description
sbom None Returns an index of all of the available SBOMs. Unique identifier (SBOM id) of each SBOM is provided.
sbom/ SBOM id Returns details of the specified SBOM.
sbom/vuln/ SBOM id Returns the set of vulnerabilities for the specified SBOM.
application None Returns an index of all of the available applications. Unique identifier (App id) of each application is provided.
application/vuln/ App id Returns the set of vulnerabilities for the specified application.
asset None Returns an index of all of the available assets. Unique identifier (Asset id) of each asset is provided.
asset/vuln/ Asset id Returns the set of vulnerabilities for the specified application.
system None Returns the system configuration identifying the assets, applications and SBOMs.
system/vuln None Returns the set of vulnerabilities for the system.
vulnerability/ Vulnerability Id Returns deatils of the specified vulnerability.
component None Returns a summary of all of the components within the system.
component/ Component Name Returns a list of vulnerable components matching the component name.

Upload a file

The following command is used to upload a SBOM into the system

sbomlenscli post load --field project="Test Project" --field release="0.1" --file sbomfile=/tmp/test.json

The project, release and sbomfile parameters must be specified.

Various errors can be returned e.g. if the file cannot be found, the project and release has already been defined.

After the request has been acknowledged, there will be a delay whilst the SBOM is processed before details of the SBOM (e.g, vulnerabilities) can be accessed

Logout

sbomlenscli logout

This will logout the currently authenticated user.

Licence

Licenced under the Apache 2.0 Licence.

Feedback and Contributions

Bugs and feature requests can be made via GitHub Issues.

About

RESTful API access to SBOMLens

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages