`source-merge` command

Processes an SBOM and merges the .orig and .debian tarballs. The tarballs have to be downloaded first.

usage: debsbom source-merge [-h] [-t {cdx,spdx}] [--pkgdir PKGDIR]
                            [--outdir OUTDIR]
                            [--compress {no,bzip2,gzip,xz,zstd,lz4}]
                            [--apply-patches]
                            [bomin]

Positional Arguments

bomin: sbom file to process. Use ‘-’ to read SBOM from stdin

Named Arguments

-t, --sbom-type

Possible choices: cdx, spdx

SBOM type to process (default: auto-detect)

--pkgdir

directory with downloaded packages

Default: 'downloads/sources'

--outdir

directory to store the merged files

Default: 'downloads/sources'

--compress

Possible choices: no, bzip2, gzip, xz, zstd, lz4

compress merged tarballs (default: gzip)

Default: 'gzip'

--apply-patches

apply debian patches

Default: False

source-merge command

Positional Arguments

Named Arguments

`source-merge` command