cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
CycloneDX is dependent on so many other tools, like for C/C++ we need the Conan package manager. I propose we use ScanCode https://github.com/nexB/scancode-toolkit to look into binaries and...
When merging valid XML files (generated using cyclonedx-node and dotnet CycloneDX) with the cyclonedx-win-x64 OR cyclonedx-win-x86 tools, the resulting file is encoded UTF-8-BOM and the file is rejected by Dependency tracked...
OS: macOS 12.3.1 (Intel) cyclonedx-cli version: 0.24.0 docker image: cyclonedx/cyclonedx-cli:latest (f60f7e593c84) Step to do on the mac: - Generate key: `cyclonedx keygen` - Generate BOM file: `cargo cyclonedx -a --output-cdx`...
Dear Community, Thank you for reading this report. There is a CycloneDX SBOM JSON file I generated with CycloneDX Maven Plugin which passed validation of the CLI tool. However, after...
How to remove duplicate entries from a file after merging two separate SBOM files? I have generated 2 separate SBOM files and both files have some common information and I want...
version: ``` cyclonedx-linux-x64 --version 0.24.0 ``` operating system and version: ``` Linux x64, SuSE SLES 15SP2 ``` reproducible steps: if you use a CSV file with separators other than `,`...
I'm using the CLI to ensure that `cyclonedx-go` and `cyclonedx-gomod` produce valid BOMs. While implementing support for spec v1.4 in `cyclonedx-go`, I noticed that some JSON BOMs fail to validate...
I've tried to merge SBOMs, in one of which there is the following component: ``` org.jpype cpe:2.3:a:org.jpype:org.jpype:*:*:*:*:*:*:*:* pkg:maven/org.jpype/org.jpype c65b70607ea15cc2d95efdf4e2ea94ce65100eb6 java-cataloger java JavaMetadata java-archive sha256:531683537a69f672df2f68b5a23a3060046e48325191c517a9fd08dfe923a430 /home/dragent/.local/share/virtualenvs/dragent-WrTQ1u9h/lib/python3.8/site-packages/org.jpype.jar /home/dragent/.local/share/virtualenvs/dragent-WrTQ1u9h/lib/python3.8/site-packages/org.jpype.jar ``` When I've executed the...
Hello, after merging SBoMs with the CLI the Dependency-Graph in Dtrack for that SBoM is only showing the first hierarchy level (the primary-components of the merged SBoMs), but not any...
The CLI will allow a user to sign a BOM with multiple keys by specifying a different private key in the `--key-file` argument when run multiple times. (It will also...