Metadata-Version: 2.4
Name: rbom
Version: 0.1.2
Summary: Release Bill of Materials (RBOM)
Project-URL: Homepage, https://github.com/spockops/rbom
Project-URL: Issues, https://github.com/spockops/rbom/issues
Author-email: Example Author <dev@spockops.com>
License-Expression: Apache-2.0
License-File: LICENSE
Keywords: bom,compliance,rbom,release bill of materials,release management,sbom,security,software bill of materials,spockops
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Education
Classifier: Intended Audience :: End Users/Desktop
Classifier: Intended Audience :: Financial and Insurance Industry
Classifier: Intended Audience :: Healthcare Industry
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Legal Industry
Classifier: Intended Audience :: Manufacturing
Classifier: Intended Audience :: Other Audience
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: System Administrators
Classifier: Intended Audience :: Telecommunications Industry
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Build Tools
Requires-Python: >=3.11
Requires-Dist: click>=8.2.1
Requires-Dist: cryptography>=45.0.2
Requires-Dist: pygithub>=2.6.1
Requires-Dist: pytest>=8.3.5
Requires-Dist: pyyaml>=6.0.2
Requires-Dist: twine>=6.1.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Description-Content-Type: text/markdown

<div align="center">
    <h1 align="center" style="font-family: menlo">RBOM</h1>

</div>

<div align="center">
  <h4>Release Bill Of Materials</h4>
</div>
<br/>
<p align="center">
<a href="https://opensource.org/licenses/Apache-2.0"><img alt="PyPI" src="https://img.shields.io/badge/License-Apache_2.0-blue.svg"></a>
<a href="https://python.org/"><img alt="GA" src="https://img.shields.io/badge/Python-3.11.0-3776AB.svg?style=flat&logo=python&logoColor=white"></a>
<a href="https://github.com/psf/black"><img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"></a>
<a href="https://pypi.org/project/rbom/"><img alt="PyPI" src="https://img.shields.io/pypi/v/rbom"></a>

</p>




<div align="center">
  <h1>UNDER DEVELOPMENT 🚧</h1>
</div>

### Setup 

Create an `rbom.yaml` in the root of the repository. You can have multiple, one per environment:

- dev: `dev.rbom.yaml`
- staging: `staging.rbom.yaml`
- production: `prod.rbom.yaml`

### Overview

Policy support: each policy attached to a release records whether it passed or failed. Policies are either custom (their result is set from the CLI) or pre-defined (resolved by `rbom` itself).

### Custom Policy

For example, a policy can be defined programmatically by checking whether the actor who ran the workflow is an admin
(note that `github.actor` is the login string and the `github` context has no built-in `is_admin` field, so in a real workflow
that value has to be computed in an earlier step, for example from the collaborator permission API, and passed in here):
```bash
rbom set --policy custom:actor-is-admin --passed=${{ github.actor.is_admin }}
```

### Pre-Defined Policies
In the context of GitHub Actions, for example, a policy id can name a job in the commit's check suite, such as the tests.

The policy id ``gha-check: Run Tests`` must match the job name exactly.
The ``gha-check: `` prefix tells ``rbom`` to look at GitHub's check suite for the commit, and ``Run Tests``
names the job whose result decides whether the policy passed or failed.

This is handled automatically by ``rbom`` and the pre-defined policy.
You can also register a new policy on the fly with:
```bash
rbom new --policy id="gha-check: Run Tests"
```
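The two policy kinds above, as an added example that is not part of rbom's own code. It assumes, hypothetically, that a policy id is either `custom:<name>`, whose pass/fail value the caller supplies (as the `--passed=` string would), or `gha-check: <job name>`, resolved against the check runs recorded for a commit. The check-run records are constructed to mimic the `name`/`status`/`conclusion` fields of GitHub's REST check-runs API; nothing is fetched from GitHub, and the evaluator fails closed on anything other than an exact-name, completed, successful run.

```python
"""Evaluate rbom-style policy ids (added example, not rbom's own code).

Assumptions, not taken from the project: a policy id is either
"custom:<name>", whose pass/fail value the caller supplies (as the CLI's
--passed=... string would), or "gha-check: <job name>", resolved against
the check runs recorded for a commit. The check-run records below are
constructed to mimic the name/status/conclusion fields of GitHub's REST
check-runs API; nothing is fetched from GitHub.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: what a check-runs listing for one commit might contain.
SAMPLE_CHECK_RUNS = [
    {"name": "Run Tests", "status": "completed", "conclusion": "success"},
    {"name": "Lint", "status": "completed", "conclusion": "failure"},
    {"name": "Build", "status": "in_progress", "conclusion": None},
]


@dataclass(frozen=True)
class PolicyResult:
    policy_id: str
    passed: bool
    reason: str


def parse_policy_id(policy_id: str) -> tuple[str, str]:
    """Split "prefix:value" or "prefix: value" at the first colon into (prefix, value)."""
    prefix, sep, value = policy_id.partition(":")
    prefix, value = prefix.strip(), value.strip()
    if not sep or not prefix or not value:
        raise ValueError(f"malformed policy id: {policy_id!r}")
    return prefix, value


def evaluate_gha_check(job_name: str, check_runs: list[dict]) -> PolicyResult:
    """Pass only if every check run with exactly this name completed with success."""
    policy_id = f"gha-check: {job_name}"
    matches = [run for run in check_runs if run["name"] == job_name]
    if not matches:
        # Fail closed: a typo in the job name must not look like a passing check.
        return PolicyResult(policy_id, False, f"no check run named {job_name!r}")
    if any(run["status"] != "completed" for run in matches):
        return PolicyResult(policy_id, False, "check run has not completed")
    if all(run["conclusion"] == "success" for run in matches):
        return PolicyResult(policy_id, True, "all runs concluded success")
    # neutral, skipped, cancelled, timed_out, failure, action_required: not a pass
    conclusions = sorted({str(run["conclusion"]) for run in matches})
    return PolicyResult(policy_id, False, f"conclusions: {', '.join(conclusions)}")


def parse_passed_flag(value: str | bool) -> bool:
    """Interpret a --passed value; only a literal true counts as passing."""
    if isinstance(value, bool):
        return value
    return value.strip().lower() == "true"


def evaluate_policy(policy_id: str, check_runs: list[dict],
                    custom_results: dict[str, str | bool] | None = None) -> PolicyResult:
    """Dispatch on the policy id prefix; unknown prefixes fail closed."""
    prefix, value = parse_policy_id(policy_id)
    if prefix == "gha-check":
        return evaluate_gha_check(value, check_runs)
    if prefix == "custom":
        supplied = (custom_results or {}).get(value)
        if supplied is None:
            return PolicyResult(policy_id, False, "no result supplied for custom policy")
        return PolicyResult(policy_id, parse_passed_flag(supplied), f"supplied value {supplied!r}")
    return PolicyResult(policy_id, False, f"unknown policy prefix {prefix!r}")


def release_allowed(policy_ids, check_runs, custom_results=None) -> tuple[bool, list[PolicyResult]]:
    """Gate a release on every listed policy; returns the verdict and per-policy results."""
    results = [evaluate_policy(pid, check_runs, custom_results) for pid in policy_ids]
    return all(r.passed for r in results), results


if __name__ == "__main__":
    ok, results = release_allowed(
        ["gha-check: Run Tests", "gha-check: Lint", "custom:actor-is-admin"],
        SAMPLE_CHECK_RUNS,
        {"actor-is-admin": "true"},
    )
    for r in results:
        print(f"{'PASS' if r.passed else 'FAIL'}  {r.policy_id}: {r.reason}")
    print("release allowed:", ok)
```

Two design choices worth keeping in any real evaluator: the job name is matched exactly (so `gha-check: Run Tests` and a job called `Run tests` do not pass each other), and only the literal conclusion `success` passes, so `skipped`, `neutral` or an in-progress run never lets a release through.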



### Installation 

```bash
pip install rbom
```

### Signing 

Generate an RSA key pair; the private key signs each RBOM and the public key is what consumers verify it against:

```bash
openssl genrsa -out private_rbom_key.pem 2048
openssl rsa -in private_rbom_key.pem -pubout -out public_rbom_key.pem
```

Keep `private_rbom_key.pem` out of the repository (for example in a CI secret store) and distribute only `public_rbom_key.pem`; anyone holding the private key can sign a release record that verifies as genuine.
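Signing and verifying an RBOM with that key pair, as an added example that is not rbom's own signing code. It uses the `cryptography` package rbom depends on; the `load_*` helpers read the openssl-generated PEM files named above, while `generate_keypair()` makes an equivalent RSA-2048 pair in memory so the example runs offline. The RBOM content is a constructed stand-in, not a real `rbom.yaml`, and the padding choice (RSA-PSS) is this example's, not the project's.

```python
"""Sign and verify an RBOM file with an RSA key pair (added example, not rbom's code).

Uses the `cryptography` package rbom depends on. The PEM helpers load the
openssl-generated keys from the README; generate_keypair() makes an
equivalent RSA-2048 pair in memory for an offline run. SAMPLE_RBOM is a
constructed stand-in for a real rbom.yaml.
"""
from pathlib import Path

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed sample release record (not a real rbom.yaml).
SAMPLE_RBOM = b"release: v0.1.2\ncommit: 0123456789abcdef\npolicies:\n  - gha-check: Run Tests\n"

# RSA-PSS with SHA-256 (this example's choice). Note that `openssl dgst -sign`
# defaults to PKCS#1 v1.5 padding, so signatures made by plain openssl with the
# README's keys will not verify here unless openssl is told to use PSS too.
_PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


def generate_keypair():
    """Same parameters as `openssl genrsa 2048` (e=65537), kept in memory."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def load_private_key(path="private_rbom_key.pem", password=None):
    """Load the openssl-generated private key (PEM, optionally passphrase-protected)."""
    return serialization.load_pem_private_key(Path(path).read_bytes(), password=password)


def load_public_key(path="public_rbom_key.pem"):
    """Load the openssl-generated public key (PEM)."""
    return serialization.load_pem_public_key(Path(path).read_bytes())


def sign_rbom(rbom_bytes: bytes, private_key) -> bytes:
    """Detached signature over the exact bytes of the file (no YAML re-serialisation)."""
    return private_key.sign(rbom_bytes, _PSS, hashes.SHA256())


def verify_rbom(rbom_bytes: bytes, signature: bytes, public_key) -> bool:
    """True only if the signature matches these exact bytes under this public key."""
    try:
        public_key.verify(signature, rbom_bytes, _PSS, hashes.SHA256())
    except InvalidSignature:
        return False
    return True


def demo() -> dict:
    """Sign the sample, then check a genuine, a tampered and a wrong-key verification."""
    private_key, public_key = generate_keypair()
    signature = sign_rbom(SAMPLE_RBOM, private_key)
    tampered = SAMPLE_RBOM.replace(b"Run Tests", b"Run Test")  # one byte removed
    _, other_public = generate_keypair()  # a key the signer never held
    return {
        "genuine": verify_rbom(SAMPLE_RBOM, signature, public_key),
        "tampered": verify_rbom(tampered, signature, public_key),
        "wrong_key": verify_rbom(SAMPLE_RBOM, signature, other_public),
    }


if __name__ == "__main__":
    print(demo())
```

Verification is over the raw file bytes, so consumers must verify the file as shipped rather than a re-serialised copy (YAML round-tripping reorders keys and changes whitespace, which would invalidate a valid signature). To interoperate with signatures produced by the openssl CLI from the same keys, either pass `-sigopt rsa_padding_mode:pss` to `openssl dgst` or replace `_PSS` with `padding.PKCS1v15()` on the Python side.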


<hr/>


<div align="center">
  <h6>Haiku</h6>
  <small>
    "Scripts fire in the night, <br/>
    What shipped, who signed, what passed checks? <br/>
    RBOM leaves no doubt" <br/>
  </small>
</div>