cdxgen
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
I noticed the following:
- [org.springframework.data:spring-data-commons:3.0.2](https://mvnrepository.com/artifact/org.springframework.data/spring-data-commons/3.0.2) claims to be licensed under Apache 2.0 – cdxgen doesn't reflect this
- [io.cucumber:tag-expressions:4.0.2](https://mvnrepository.com/artifact/io.cucumber/tag-expressions/4.0.2) claims to be licensed under MIT – cdxgen doesn't reflect...
cdxgen is getting promoted to a production project status within OWASP. We announced this earlier this month on [Slack](https://cyclonedx.slack.com/archives/C04NFFE1962/p1757017348171339). With the v11.8.0 release complete, we will work on migrating the...
https://apogliaghi.com/2025/09/crypto-miner-in-hotio/qbittorrent/
```
ghcr.io/hotio/qbittorrent@sha256:3779f89712dbaa8b25fc22897d0b471ee29049b2b0f8d3c192df83b098c84fc5
```
As stated [here](https://github.com/CycloneDX/cdxgen/issues/2363#issuecomment-3320308694), we should start creating and releasing VEX documents. The biggest question is how/where to host these and/or otherwise get them out to our customers. Awareness probably needs...
cdxgen (npm) -> atom (npm with bundled jars) -> (chen) -> [email protected] via [email protected] https://github.com/AppThreat/overflowdb2/issues/3 The actual CVE is a DoS vulnerability in `ClassUtils.getClass`. It isn't a vulnerability at all,...
Hi, I think I ran into the same issue as described here: https://github.com/CycloneDX/cdxgen/issues/243 When generating a bom.json with "cdxgen -o bom.json" and uploading the file into Dependency-Track (https://docs.dependencytrack.org/), it...
Hi, thanks for implementing the feature of adding custom author information. Using it, I was able to create SBOMs with custom author information. However, when we push the SBOM...
This ticket is to enhance cdxgen to populate the `dependencies` array for OCI components. This will help with visualizing the Dependency Graph within Dependency Track
I am currently implementing this tool into our pipelines (kudos, btw, on creating a great all-in-one CycloneDX SBOM generator) and the pipeline is still passing, although an error is...
The cdxgen tool currently lacks support for setting the isLatest property when creating a project and uploading an SBOM to Dependency-Track. This property is essential for marking the most recent...