How to use sbom extension with conan binary release? Missing dependencies

[peakschris]

I am trying to use the sbom extension with the binary release of conan:

<download conan.exe>
conan config install https://github.com/conan-io/conan-extensions.git
conan.exe sbom:cyclonedx --format 1.4_json conanfile.py
The sbom extension needs an additional package, please run:
pip install 'cyclonedx-python-lib>=5.0.0,<6'
ERROR: Exiting with code: 1

The sbom instructions say: pip install 'cyclonedx-python-lib>=5.0.0,<6'.

However, we (deliberately) do not have python/pip on the path for all our developers.

Is there a way to package the cyclonedx package so that it can be used with conan.exe?

Thanks, Chris

[memsharded]

Hi @peakschris

I am afraid that by its nature, it is not possible to use extensions like this one that use external pip packages with the self-contained executables, because they contain a limited and isolated python interpreter.

Is there a way to package the cyclonedx package so that it can be used with conan.exe?

Yes, it is possible, check the pyinstaller.py in the root of the repo: https://docs.conan.io/2/installation.html#use-a-system-installer-or-create-a-self-contained-executable

If you run that in an environment with the pip dependencies installed, and add them to --hidden-import, they will be bundled together with the interpreter.

Please try that and let us know.