cdxgen
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
Hi @prabhu I am not able to get the Dependency Graph when I upload the sbom generated through cdxgen tool using the below command: # cdxgen -r -p -o bom.json...
Hi, we are using cdxgen for building our SBOM file. We are using the --required-only flag to avoid optional and dev dependencies. Then we are consuming this SBOM with Dependency-Track....
https://github.com/JonathanChavezTamales/LLMStats Or use the api approach like this https://huggingface.co/spaces/NyxKrage/LLM-Model-VRAM-Calculator/blob/main/index.html
cdxgen could support generating multiple BOM files for a given project. We can support a few styles of splitting and implement it as a [postgen](https://github.com/CycloneDX/cdxgen/blob/master/lib/stages/postgen/postgen.js) step. Having such more granular representation...
Need to test with `-t js -t jar -t php` https://github.com/AppThreat/atom/issues/164
`pom.xml` with the non-existent `abc/def` dependency: ```xml 4.0.0 foo bar jar 1.0.0 foo abc def 1.2.3 ``` Command: > CDXGEN_DEBUG_MODE=debug PREFER_MAVEN_DEPS_TREE=true cdxgen --fail-on-error --no-include-formulation --no-recurse --output sbom.json --type java ##...
Using cdxgen latest version 9.9.4. The SBOM generated by cdxgen has 2 different versions of the same dependencies. Why does it list 2 different versions for the same dependencies?
## Steps 1) `pom.xml`: ```xml 4.0.0 foo bar jar 1.0.0 foo com.mysql mysql-connector-j 9.0.0 protobuf-java com.google.protobuf ``` 1) Command: > CDXGEN_DEBUG_MODE=debug PREFER_MAVEN_DEPS_TREE=true cdxgen --fail-on-error --no-include-formulation --no-recurse --output sbom.json --type java...
Request from a client. Also, 2022 could be the year that gets the first public CVE for terraform providers and modules.
https://github.com/CycloneDX/cdxgen/actions/runs/11120279295/job/30897019520?pr=1399#step:62:20 ``` Unable to extract name and version for string difflib@https://codeload.github.com/postlight/difflib.js/tar.gz/32e8e38c7fcd935241b9baab71bb432fd9b166ed ```