cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Results 152 cyclonedx-cli issues

When I merge two sboms: 1. sbom.json `{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:5c3bf41b-655c-47e1-9a10-867f270bb393", "version": 1, "metadata": { "timestamp": "2024-04-16T08:41:32.770Z", "tools": [ { "vendor": "cyclonedx", "name": "cdxgen", "version": "8.6.2" }...

When merging multiple SBOMs and specifying the `--name` and `--version` arguments, then the top level components of the SBOMs must be added to the components list of the new merged...

@coderpatros Is the project still active and accepting PRs? (I'm not sure based on the current PRs) There is some additional functionality I would like to put together. - Add...

```
C:\Users\INMAS34\Downloads>cyclonedx-win-x64.exe sign bom demoproject.xml
Loading private key...
Loading XML BOM...
Generating signature...
Unhandled exception: System.Security.Cryptography.CryptographicException: Could not create hash algorithm object.
   at System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument , CanonicalXmlNodeList )
   at System.Security.Cryptography.Xml.SignedXml.BuildDigestedReferences()
   at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()...
```

Has anyone tried this? _vcpkg generates a SPDX file containing the SBOM information for **each package** that is installed. The files are located in //share//vcpkg.spdx.json._ https://learn.microsoft.com/en-us/vcpkg/reference/software-bill-of-materials I was hoping to...

Is there any document to show the installation steps and how to run this tool?

When you try to merge two files in version 1.6, you get:

```
Unhandled exception: System.ArgumentException: Unsupported specification version: 1.6
   at CycloneDX.Models.Bom.set_SpecVersionString(String value)
...
```

[cyclonedx-merge-stacktrace.txt](https://github.com/user-attachments/files/15993989/cyclonedx-merge-stacktrace.txt)

CycloneDX version 1.6 has been released: https://cyclonedx.org/news/cyclonedx-v1.6-released/ Currently the tool supports schema 1.4 only: `Validating JSON BOM... Incorrect schema version: expected 1.4 actual 1.6 BOM is not valid.` Is there...

Add an output version argument to the merge command; e.g. with --output-version v1_4 you specify that the output format version should be 1.4. Closes: https://github.com/CycloneDX/cyclonedx-cli/issues/349

I'm trying to convert an spdx BOM (obtained via docker-scout) into a cyclone dx file. However, the generated cyclonedx is ~empty! Here's how to reproduce: 1. Obtain the spdx file:...