cyclonedx-cli
cyclonedx-cli copied to clipboard
CycloneDX
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Bumps [System.Security.Cryptography.Xml](https://github.com/dotnet/runtime) from 6.0.1 to 8.0.2. Release notes Sourced from System.Security.Cryptography.Xml's releases. .NET 8.0.2 Release .NET 8.0.1 Release .NET 8.0.0 Release What's Changed [release/8.0-rc1] [release/8.0] Events for IL methods without...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
The latest release of the CycloneDX CLI tool is unable to validate SBOMs conforming to CycloneDX format versions 1.5 and 1.6 that include the modelCard and data elements. These versions...
Bumps [CsvHelper](https://github.com/JoshClose/CsvHelper) from 29.0.0 to 33.0.1. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: #...
Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 3.1.2 to 6.0.2. Release notes Sourced from coverlet.collector's releases. v6.0.2 Fixed Threshold-stat triggers error #1634 Fixed coverlet collector 6.0.1 requires dotnet sdk 8 #1625 Type initializer errors...
Bumps [Snapshooter.Xunit](https://github.com/SwissLife-OSS/Snapshooter) from 0.7.1 to 0.14.1. Release notes Sourced from Snapshooter.Xunit's releases. 0.14.1 What's Changed Add .NET 4.6.2 target by @fgreinacher in SwissLife-OSS/snapshooter#195 New Contributors @fgreinacher made their first contribution...
These annotations are useful for people to use manually and for use by tools. For example, Snyk uses them in its UI and Renovate uses them to find release notes....
Re-introduce it in a sense: this was posted earlier as PR #346 and still relies on https://github.com/CycloneDX/cyclonedx-dotnet-library/pull/245 for the bulk of work (`BomEntity` base-class and interface family, etc.) and https://github.com/CycloneDX/cyclonedx-dotnet-library/pull/256...
Bumps dotnet/runtime-deps from 6.0 to 8.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
This may not even be an issue, but the spdx to CycloneDX converter rejects this string: "referenceCategory": "PACKAGE-MANAGER" but accepts "referenceCategory": "PACKAGE_MANAGER" It's certainly easy to repair these in any...
Hello, I am trying to convert a csv formt sbom in to cyclonedx format with version 1.4 I am using following command : cyclonedx convert --input-file 'Sda.txt' --input-format csv --output-file...
