cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...

Results 100 cdxgen issues

Like Java 21 etc, while the current image could become a rolling version.

enhancement
lts

What if cdxgen creates a cache directory to cache the output from the external commands and APIs and reuse it upon subsequent invocation (with the `--enable-cache` argument or default in...


I am trying to generate an SBOM for a Maven project. However, it hangs on `mvnw org.cyclonedx:cyclonedx-maven-plugin:2.8.0:makeAggregateBom -DoutputName=bom -DincludeTestScope=true` for ~1h, then reverts to `mvnw dependency:tree -DoutputFile=/tmp/cdxmvn-8qMLXx/mvn-tree.txt`, which hangs too with no...

For c language, atom is invoked to create the usages slices. Due to some recent optimizations, any existing .atom and slices file gets reused. Since repotests for c is getting...

@prabhu, I tried to create an SBOM for a golang project using `cdxgen -t golang -o sbom.json --spec-version 1.4`, but the resulting SBOM has an empty dependencies list. How...

We may have to replace this package at some point.

When I run `cdxgen -t java -o artifactSBOM.json --spec-version=1.4` on a Java project, it gives the message "mvn org.cyclonedx:cyclonedx-maven-plugin:2.8.0:makeAggregateBom -DoutputName=bom -DincludeTestScope=true -q -DschemaVersion=1.4", but I don't want to include the...

Deno seems to encourage golang style imports of http and jsr packages. These currently would not be reported by cdxgen. ``` import { VERSION } from "https://deno.land/std/version.ts"; ``` ``` import...

enhancement

Hi, first of all, thanks for CDXGEN. I am really liking it. I have a few questions: 1. Can we run CDXGEN in HA, i.e. multiple Docker containers of CDXGEN...

Skip analyzing private packages in maven projects so that cdxgen can do subsequent analysis. The log info is as follows: ``` Resolve the above maven error. This could be due...