cdxgen issues

Not able to generate Dependency Graph on Dependency Tracker with sbom generated with cdxgen

12

Hi @prabhu I am not able to get the Dependency Graph when I upload the sbom generated through cdxgen tool using the below command: # cdxgen -r -p -o bom.json...

abhinavsaxena-webengage

enhancement

intg:dtrack

Missing transitive dependencies - package.json

8

Hi, We are using cdxgen for building our SBOM file. We are using --required-only flag to avoid optional and dev dependencies. Then we are consuming this SBOM with Dependency track....

blazgvajc

enhancement

intg:dtrack

[ml-bom] Evaluate the data quality of llmstats

https://github.com/JonathanChavezTamales/LLMStats Or use the api approach like this https://huggingface.co/spaces/NyxKrage/LLM-Model-VRAM-Calculator/blob/main/index.html

prabhu

Support for multiple bom files generation

cdxgen could support generating multiple BOM files for a given project. We can support few styles of splitting and implement it as a [postgen](https://github.com/CycloneDX/cdxgen/blob/master/lib/stages/postgen/postgen.js) step. Having such more granular representation...

prabhu

Consider Funding

[atom] sbom for the npm package

Need to test with `-t js -t jar -t php` https://github.com/AppThreat/atom/issues/164

prabhu

SBOM generation should fail on unknown pom.xml dependency

3

`pom.xml` with the non-existent `abc/def` dependency: ```xml 4.0.0 foo bar jar 1.0.0 foo abc def 1.2.3 ``` Command: > CDXGEN_DEBUG_MODE=debug PREFER_MAVEN_DEPS_TREE=true cdxgen --fail-on-error --no-include-formulation --no-recurse --output sbom.json --type java ##...

metametadata

maven

Seeing multiple versions of dependencies in a direct dependency

10

Using cdxgen latest version 9.9.4 The sbom generated by cdxgen has 2 different version on same dependencies. Why does it list 2 different versions for the same dependencies?

swkrkris

Confusing warning "Dependency tree is partial lacking child nodes."

4

## Steps 1) `pom.xml`: ```xml 4.0.0 foo bar jar 1.0.0 foo com.mysql mysql-connector-j 9.0.0 protobuf-java com.google.protobuf ``` 1) Command: > CDXGEN_DEBUG_MODE=debug PREFER_MAVEN_DEPS_TREE=true cdxgen --fail-on-error --no-include-formulation --no-recurse --output sbom.json --type java...

metametadata

Support for terraform modules

1

Request from a client. Also, 2022 could be the year that gets the first public CVE for terraform providers and modules.

prabhu

[npm] support for git dependencies in the lock file

https://github.com/CycloneDX/cdxgen/actions/runs/11120279295/job/30897019520?pr=1399#step:62:20 ``` Unable to extract name and version for string difflib@https://codeload.github.com/postlight/difflib.js/tar.gz/32e8e38c7fcd935241b9baab71bb432fd9b166ed ```

prabhu

cdxgen
cdxgen copied to clipboard

Metadata

Not able to generate Dependency Graph on Dependency Tracker with sbom generated with cdxgen

Missing transitive dependencies - package.json

[ml-bom] Evaluate the data quality of llmstats

Support for multiple bom files generation

[atom] sbom for the npm package

SBOM generation should fail on unknown pom.xml dependency

Seeing multiple versions of dependencies in a direct dependency

Confusing warning "Dependency tree is partial lacking child nodes."

Support for terraform modules

[npm] support for git dependencies in the lock file

← Metadata

Owner

Metadata

cdxgen cdxgen copied to clipboard

Metadata

← Metadata

Owner

Metadata

cdxgen
cdxgen copied to clipboard