ChatSBOM

Talk to your Supply Chain. Chat with SBOMs.

ChatSBOM is a CLI tool for indexing and querying Software Bill of Materials (SBOM) data, providing deep insights into project dependencies.

Features

Discover: Find high-quality repositories on GitHub by stars and language.
Collect: Enrich metadata and fetch dependency files (go.mod, package.json, etc.).
Generate: Transform files into standard SBOM format using Syft.
Index: Load SBOM data into ClickHouse for high-performance queries.
Query: Use the CLI for stats/searches to get insights into project dependencies.
Chat: Use the AI-powered natural language chat to chat with SBOM data.

Getting Started

1. Prerequisites

Docker (for ClickHouse)
Syft (for SBOM generation)
uv (for AI-powered chat feature)

2. Installation

# Via pip
pip install chatsbom

# Via pipx
pipx install chatsbom

# Or run directly via uvx
uvx chatsbom

3. Setup

Start Database

Option 1: Using docker compose

docker compose up -d

Option 2: Using docker run

docker run -d --name clickhouse -p 8123:8123 --ulimit nofile=262144:262144 clickhouse/clickhouse-server:25.12-alpine
docker exec clickhouse clickhouse-client -q "CREATE DATABASE IF NOT EXISTS chatsbom"
docker exec clickhouse clickhouse-client -q "CREATE USER IF NOT EXISTS admin IDENTIFIED BY 'admin'"
docker exec clickhouse clickhouse-client -q "GRANT ALL ON *.* TO admin WITH GRANT OPTION"
docker exec clickhouse clickhouse-client -q "CREATE USER IF NOT EXISTS guest IDENTIFIED BY 'guest'"
docker exec clickhouse clickhouse-client -q "GRANT SELECT ON chatsbom.* TO guest"
docker exec clickhouse clickhouse-client -q "ALTER USER guest SET PROFILE readonly"

Configure Environment: Set your API keys

export GITHUB_TOKEN="your_github_token"
export ANTHROPIC_AUTH_TOKEN="your_anthropic_token"

4. Basic Workflow

# 1. Search and collect data
chatsbom github search --language go --min-stars 10000
chatsbom github repo --language go
chatsbom github release --language go
chatsbom github commit --language go
chatsbom github content --language go

# 2. Generate and index SBOMs
chatsbom sbom generate --language go
chatsbom db index --language go

# 3. Query insights
chatsbom db status
chatsbom db query gin
chatsbom chat

Use Case: Analyzing Framework Adoption

Find the most popular projects depending on a specific library (e.g., gin) using natural language.

Name		Name	Last commit message	Last commit date
Latest commit History 229 Commits
.github/workflows		.github/workflows
chatsbom		chatsbom
database/config/users.d		database/config/users.d
figures		figures
tests		tests
.env.example		.env.example
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.python-version		.python-version
README.md		README.md
docker-compose.yaml		docker-compose.yaml
pyproject.toml		pyproject.toml
test-dev.sh		test-dev.sh
test-prod.sh		test-prod.sh
uv.lock		uv.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ChatSBOM

Features

Getting Started

1. Prerequisites

2. Installation

3. Setup

Start Database

Configure Environment: Set your API keys

4. Basic Workflow

Use Case: Analyzing Framework Adoption

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

WangYihang/ChatSBOM

Folders and files

Latest commit

History

Repository files navigation

ChatSBOM

Features

Getting Started

1. Prerequisites

2. Installation

3. Setup

Start Database

Configure Environment: Set your API keys

4. Basic Workflow

Use Case: Analyzing Framework Adoption

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages