cdxgen
cdxgen copied to clipboard
CycloneDX
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
We need some docs on evaluating and benchmarking cdxgen with other tools.
None of the maintainers are actually using or testing the appimage version of cdxgen. Perhaps it is time to deprecate and eventually remove this format from releases. It must be...
https://github.com/nodejs/node/pull/52535 We might need some refactoring for nested [functions](https://github.com/CycloneDX/cdxgen/blob/a59a97d86cff949242b12f18a58414842bc70aa0/utils.js#L9773) and dynamic [imports](https://github.com/CycloneDX/cdxgen/blob/a59a97d86cff949242b12f18a58414842bc70aa0/bin/cdxgen.js#L607), which might fail.
https://github.com/owasp-dep-scan/dep-scan depscan can accept the `--bom` argument to enhance and create a VDR/VEX file. What if cdxgen could invoke depscan and submit the resulting VDR to the dependency track server...
This could improve deno and bun compatibility and might offer slight improvements to performance. https://github.com/nodejs/undici
In the cdxgen update, a new function, mvn dependency:copy-dependencies, was added after the makeAggregateBom task. This addition has completely broken my pipelines because makeAggregateBom was working with the pom.xml file...
https://github.com/CycloneDX/cdxgen/issues/713 will be quite the undertaking 😅 As an alternative approach (and my personal preference), let's slowly start adding [JSDoc comments/types](https://jsdoc.app/) to the codebase
I'd like to suggest we configure [Renovate Bot](https://docs.renovatebot.com) on this repository to help automate pull requests for dependency updates. We can use it to help maintain the following managers -...