pypi-tea

SBOM Coverage for PyPI Packages

Loading stats...

Packages Explored

Unique package versions checked

Packages with SBOMs

At least one wheel contains an SBOM

SBOM Coverage

Percentage of packages with SBOMs

Wheels with SBOMs

Individual .whl files containing SBOMs

Package SBOM Coverage

SBOM Formats

Detected by parsing file content (not file extensions)

SBOM Validation

Schema validation against CycloneDX / SPDX specs

SBOM Encoding

File format breakdown (JSON, XML, tag-value)

Packages Explored Over Time (daily)

Cumulative SBOM Discovery

Wheel-Level Breakdown

Each package version ships multiple wheels (one per platform/Python version). This shows SBOM coverage at the individual wheel level.

Total Wheels

With SBOM

Without SBOM

- of wheels include an SBOM

How to use TEA

The Transparency Exchange API (TEA) is an open standard for discovering SBOMs. You can query this server using tea-cli:

# Install the TEA CLI
$ pip install libtea[cli]

# Inspect a PyPI package — discovers SBOMs via TEA in one shot
$ tea-cli inspect "urn:tei:purl:pypi.sbomify.com:pkg:pypi/[email protected]"

# Search for a specific package version by PURL
$ tea-cli search-releases --id-type PURL \
    --id-value "pkg:pypi/[email protected]" --domain pypi.sbomify.com

Also available as a Python library: from libtea import TeaClient