Skip to content
/ Sunshine Public

Sunshine - SBOM visualization tool

cyclonedx.org

License

Apache-2.0 license
99 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CycloneDX/Sunshine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.html
index.html
 
 
requirements.txt
requirements.txt
 
 
sample.html
sample.html
 
 
sample_enriched.html
sample_enriched.html
 
 
sunshine.py
sunshine.py
 
 

Repository files navigation

  ░██████   ░██     ░██ ░███    ░██   ░██████   ░██     ░██ ░██████░███    ░██ ░███████ 
░██         ░██     ░██ ░██░██  ░██ ░██         ░██     ░██   ░██  ░██░██  ░██ ░██        
 ░████████  ░██     ░██ ░██ ░██ ░██  ░████████  ░██████████   ░██  ░██ ░██ ░██ ░██████  
        ░██ ░██     ░██ ░██  ░██░██         ░██ ░██     ░██   ░██  ░██  ░██░██ ░██             
  ░██████     ░██████   ░██    ░███   ░██████   ░██     ░██ ░██████░██    ░███ ░███████

Sunshine: actionable CycloneDX visualization tool.

It takes a JSON CycloneDX file as input and provides as output an HTML containing a chart and table representation of the components, dependencies, vulnerabilities and licenses. It can also enrich data by adding EPSS and CISA KEV information. See a sample HTML output here without enriched data and here with enriched data.


Can be used in 2 ways:

  • As a web application: all submitted data is processed locally within your browser, without being transmitted anywhere else.
  • As a standalone CLI tool.

Usage of the web application:


Usage of the CLI version: 
# Installing dependencies
pip3 install -r requirements.txt

# Basic usage without data enrichment
python sunshine.py -i your-input.json -o your-output.html

# Basic usage with EPSS and CISA KEV data enrichment
python sunshine.py -i your-input.json -o your-output.html -e

# All options
sunshine.py [-h] [-i INPUT] [-o OUTPUT] [-e] [-k] [-cs] [-hs] [-ms] [-ls] [-c MIN_CVSS] [-p MIN_EPSS] [-n]
options:
  -h, --help                              show this help message and exit
  -i, --input INPUT                       path of input CycloneDX file
  -o, --output OUTPUT                     path of output HTML file
  -e, --enrich                            enrich CVEs with EPSS and CISA KEV
  -k, --only-in-cisa-kev                  show only vulnerabilities in CISA KEV
  -cs, --only-critical-severity           show only vulnerabilities with critical severity
  -hs, --only-high-severity-or-above      show only vulnerabilities with high severity or above
  -ms, --only-medium-severity-or-above    show only vulnerabilities with medium severity or above
  -ls, --only-low-severity-or-above       show only vulnerabilities with low severity or above
  -c, --min-cvss MIN_CVSS                 show only vulnerabilities with score equal to or greater than the selected value, which can be in rage 0.0-10.0
  -p, --min-epss MIN_EPSS                 show only vulnerabilities with EPSS equal to or greater than the selected value, which can be in rage 0.00-1.00
  -n, --no-segment-limit                  prevent the automatic conversion of charts with many segments into still images

Credits:

About

Sunshine - SBOM visualization tool

cyclonedx.org

Topics

owasp bom bill-of-materials software-bill-of-materials sbom cyclonedx

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

99 stars

Watchers

7 watching

Forks

11 forks
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published

Contributors 4

Languages