Propositions for enhancements to sbomaudit

[gutzbenj]

Dear @anthonyharrison ,

First of all thanks for creating this beautiful library!

We are currently looking for a way to integrating it into our CI/CD pipeline to check on used libraries.

After giving it a try I noticed there's currently no way to configure the "linting" rules separately e.g. only checking the maxage or only checking the licenses, packages, ...

Would you be open for PRs for

1. overhauling general stuff e.g. switching to pyproject.toml, uv and ruff for setup and linting
2. adding a CI/CD pipeline itself
3. adding tests
4. enabling smart rule configuration via pyproject.toml / sbomaudit.toml + required opt-in for rules (the most important change for us)
5. (adapting the output format of the report)

?

Happy weekend!

Sincerely,
Benjamin

[anthonyharrison]

Hi @gutzbenj Thanks for reaching out. Glad you like the library and I am always welcome to suggestions for improving the tool.

Help in creating tests and a pipeline would be appreciated.

I currently use isort, black and flake8 for linting/style although this isn't enforced through a github action (it is on my todo list and I have a github action almost ready to roll out across my projects). Would be interested in seeing what ruff etc picks up and how it can help improve the code.

Adding a config file would be interesting. I already have the allow/deny files so creating a config file using toml for these and other parameters would be a good enhancement

As regards moving from setup.py to pyproject.toml - yes this would be useful addition. Would need to understand what the impact of the change is.

Feel free to create issues and pull requests as appropriate.

[gutzbenj]

HI @anthonyharrison ,

thanks for the fast response and openness!

Hope to open some PRs in the next couple of weeks, not sure about the timing though.