cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Results 152 cyclonedx-cli issues

I am using syft version `1.4.1` to generate an SBOM using an image. The generated SBOM has the correct `metadata.tools` values, which can be seen below ``` "metadata": { "timestamp": "2024-05-28T09:21:33Z",...

Converting from SPDX (JSON) format to CycloneDX (JSON or XML) does not seem to work. To test it I: 1) Downloaded an SPDX file from GitHub as a sample Firefox...

Snapshooter tries to access "/_" instead of the full path. See https://github.com/SwissLife-OSS/snapshooter/issues/196 For instance, ``` Failed CycloneDX.Cli.Tests.ConvertTests.ConvertToSpdxJson(outputFormat: spdxjson) [9 ms] Error Message: System.UnauthorizedAccessException : Access to the path '/_/tests/cyclonedx.tests/__snapshots__' is...

I have 2 SBOM files. One created with `cyclonedx-maven-plugin` ```json { "bomFormat" : "CycloneDX", "specVersion" : "1.6", "metadata" : { "tools" : { "components" : [ { "type" : "library",...

Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 3.0.2 to 4.1.0. Release notes Sourced from actions/setup-dotnet's releases. v4.1.0 What's Changed Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/setup-dotnet#548 Upgrade...

dependencies
github_actions

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 4.2.2. Release notes Sourced from actions/checkout's releases. v4.2.2 What's Changed url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941 Expand unit test coverage for...

dependencies
github_actions

Hello, I think there are various errors when validating a CycloneDX format in version 1.6. ## Requirements: ``` $ trivy --version Version: 0.56.1 [...] $ cyclonedx-cli --version 0.27.1+6c0e6c8f45d446ed4a28891040592e4ae4a39c3c ``` ##...

Version `cyclonedx-cli:0.27.1`, CycloneDX format 1.6 When trying to validate sbom that was produced with `cyclonedx-cli merge`, I get the following errors: ``` \"$.vulnerabilities[244].ratings[8].method: does not have a value in the...

Given the following two test files, their merged output does not deduplicate components as mentioned in https://github.com/CycloneDX/cyclonedx-python-lib/issues/540#issuecomment-2343195560 File `test/in1.json`: ```json { "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", "metadata": {"component": {"bom-ref":...

Conversion from XML to JSON fails with cyclonedx-cli 0.26.0, while it works fine with 0.25.1: ``` PS C:\>cyclonedx-cli --version 0.25.1+03b8019b24e847b6fdc91822eae2e9a220d525fa PS C:\>cyclonedx-cli convert --input-file test.cdx.xml --output-format json --output-file test.cdx.json ```...