Filter SBOM by sources or binaries by ssnaaz · Pull Request #184 · siemens/debsbom

ssnaaz · 2026-03-03T06:59:56Z

No description provided.

ssnaaz · 2026-03-03T07:09:38Z

debsbom filter command:

debsbom filter -h
usage: debsbom filter [-h] [-t {cdx,spdx}] [--sources] [--binaries] BOMIN bomout

positional arguments:
  BOMIN                 sbom file(s) to process for 'bomin'. Use '-' to read from stdin
  bomout                sbom output file. Use '-' to write to stdout

options:
  -h, --help            show this help message and exit
  -t, --sbom-type {cdx,spdx}
                        SBOM type to process (default: auto-detect), required when reading from stdin
  --sources             operate only on source packages (skip binaries)
  --binaries            operate only on binary packages (skip sources)

fmoessbauer · 2026-03-03T13:07:15Z

src/debsbom/commands/input.py

 from ..util.sbom_processor import SbomProcessor
 from ..resolver.resolver import PackageResolver, PackageStreamResolver
-from ..sbom import SBOMType
+from ..sbom import SBOMType, SPDX_REF_DOCUMENT


Why do we import SPDX_REF_DOCUMENT here? This code location should be sbom type agnostic.

fmoessbauer · 2026-03-03T13:08:02Z

README.md

    repack              repack sources and sbom
    export              export SBOM as graph
    delta               list components added in target SBOM
+    filter              filter SBOM by sources or binaries


The commands are getting more and more. How about sorting them by alphabet?

fmoessbauer · 2026-03-03T13:09:28Z

Hi @ssnaaz , thanks for implementing this. The implementation already looks pretty clean. Just some minor remarks that need to be fixed before merging.

... and please add a test (both a smoke test in the GH actions as well as a unit test).

Signed-off-by: Syeda Shagufta Naaz <syedashagufta.naaz@siemens.com>

- filter the SBOM input by sources or binaries - preserve the dependency tree - sort commands alphabetically Signed-off-by: Syeda Shagufta Naaz <syedashagufta.naaz@siemens.com>

Signed-off-by: Syeda Shagufta Naaz <syedashagufta.naaz@siemens.com>

ssnaaz · 2026-03-05T09:54:07Z

@fmoessbauer Thank you for the feedback, I have updated the MR, please have a look.

fmoessbauer reviewed Mar 3, 2026

View reviewed changes

refactor(input): filter out the common dependency logic

9167614

Signed-off-by: Syeda Shagufta Naaz <syedashagufta.naaz@siemens.com>

ssnaaz force-pushed the filter_SBOM branch 2 times, most recently from 131e731 to 4e1e574 Compare March 5, 2026 09:45

feat: add filter command to exclude sources or binaries from the SBOM

5fea0f4

- filter the SBOM input by sources or binaries - preserve the dependency tree - sort commands alphabetically Signed-off-by: Syeda Shagufta Naaz <syedashagufta.naaz@siemens.com>

ssnaaz force-pushed the filter_SBOM branch from 4e1e574 to 0fbf685 Compare March 5, 2026 09:48

chore(tests): add tests for filter command

20adcef

Signed-off-by: Syeda Shagufta Naaz <syedashagufta.naaz@siemens.com>

ssnaaz force-pushed the filter_SBOM branch from 0fbf685 to 20adcef Compare March 5, 2026 09:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Filter SBOM by sources or binaries#184

Filter SBOM by sources or binaries#184
ssnaaz wants to merge 3 commits intosiemens:mainfrom
ssnaaz:filter_SBOM

ssnaaz commented Mar 3, 2026

Uh oh!

ssnaaz commented Mar 3, 2026

Uh oh!

fmoessbauer Mar 3, 2026

Uh oh!

fmoessbauer Mar 3, 2026

Uh oh!

fmoessbauer commented Mar 3, 2026

Uh oh!

ssnaaz commented Mar 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

ssnaaz commented Mar 3, 2026

Uh oh!

ssnaaz commented Mar 3, 2026

Uh oh!

fmoessbauer Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

fmoessbauer Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

fmoessbauer commented Mar 3, 2026

Uh oh!

ssnaaz commented Mar 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants