cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
We started getting validation errors for `merge`d BOMs recently, that the license schema was invalid: > #/components/152/licenses/0/license: Expected 1 matching subschema but found 0 Upon inspection, this is because the...
Mend reports are a fairly standard JSON and actually have the necessary information in to create a valid CycloneDX JSON with valid Purls [demo_mend_ua.json.zip](https://github.com/CycloneDX/cyclonedx-cli/files/11703622/demo_mend_ua.json.zip) This is a sample one and...
It is a bit of guesswork to know what the columns are for a CSV to be able to create a valid SBOM. What I have done is...
I can create a CSV that the tool will convert into a valid SBOM and that will import into Dependency-Track. Unfortunately, if it is just the name and version...
Requesting the flag --ignore-symlinks for add files, such that the code skips the link before any traversing in order to avoid any permission, or other errors. Thank you.
Problem ===== I try to merge a SBOM created via https://github.com/CycloneDX/cyclonedx-node-npm to another SBOM. The NPM SBOM contains extra properties for the top-level components and subcomponents e.g. it looks like...
I have approximately a hundred SBOM files generated by cyclonedx maven plugin from particular versions of sources (a dozen top-level delivered services and their dependencies, ours and eventually third-party), and...
The documentation states: > Note: To perform a hierarchical merge all BOMs need the subject of the BOM described in the metadata component element. There are no details here as...
```powershell cyclonedx diff api-json/jenkins.json json/jenkins-cyclonedx.json --component-versions Unhandled exception: System.Text.Json.JsonException: The JSON value could not be converted to CycloneDX.Models.Bom. Path: $ | LineNumber: 0 | BytePositionInLine: 1. at System.Text.Json.ThrowHelper.ThrowJsonException_DeserializeUnableToConvertValue(Type ) at...
The binaries downloaded from [v0.24.2](https://github.com/CycloneDX/cyclonedx-cli/releases/tag/v0.24.2) do not have an explicit hashsum file. And the automated GitHub API also does not include hashsums. https://api.github.com/repos/CycloneDX/cyclonedx-cli/releases/latest The sha256sum could not be validated without...