cdxgen
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
https://github.com/CycloneDX/cdxgen/blob/de9c715c755c18824c715f06b35d00b998b9ab15/lib/helpers/utils.js#L116 Quoting arguments can make the `shell: true` invocations safer. Change needs to be done properly with unit tests and repo tests etc, especially for Windows.
#### Describe the enhancement: cdxgen sets the `metadata.component.name` to placeholders like "app" or "project" when it cannot resolve the correct name. These should be flagged in debug mode. #### Expected...
#### Describe the bug: When generating an SBOM for a Ruby project using cdxgen, the `metadata.component.name` is incorrectly set to `app` instead of reading the `spec.name` from the `.gemspec` file...
https://devblogs.microsoft.com/dotnet/announcing-dotnet-run-app/ `#:package` `#:sdk`
cdxgen could attempt to [build](https://docs.docker.com/reference/cli/docker/compose/build/) compose files using `${dockerCmd} compose` command, when `installDeps` is set to true. A performance tweak could be to first check for existing images using compose...
We need to find a way to identify the installation method. Related: https://github.com/package-url/purl-spec/discussions/473
Evinse (research profile) only supports one type at a time. This limits its potential when dealing with polyglot projects and monorepos. Plus, the default file names for the slices do...
Our new server `asin` includes an Intel Arc GPU (!). I installed the client drivers by following the instructions [here](https://dgpu-docs.intel.com/driver/client/overview.html) and generated an OBOM with cdxgen. While all these third-party...
Noticed that some rust projects such as rustdesk have [vendored](https://github.com/rustdesk/rustdesk/tree/master/libs) dependencies. cdxgen does detect all of them and correctly sets the identity evidence. Perhaps it can set the [workspace](https://github.com/rustdesk/rustdesk/blob/c9d5e15ac0c807da4e4f7c1d9312f4d245238a78/Cargo.toml#L189) properties,...
Apparently, DejaCode only supports license expressions up to 1024 characters long. The SBOM for the cdxgen container image (also generated by cdxgen) has some longer expressions. From a quick look,...