cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
When merging 2 BOMs license information is being lost. Example with 2 licenses before merge: ```xml javax.xml.stream stax-api 1.0-2 StAX is a standard XML processing API that allows you to...
I've validated SBOM by the command `cyclonedx-cli validate --input-file ${NGINX_REPORTS}/Details/Anchore-SBOM.xml --input-version v1_4`, built by Anchore Syft with next component inside: ``` GD Team libgd3 2.3.0-2 BSD-3-Clause GD GPL-2.0 GPL-2.0+ HPND...
Requesting enhancement to return the line/s that failed validation for json/xml. * Go from this current output * [badType_log4j_2.17.2_cyclonedx_1.3_sbom.json](https://raw.githubusercontent.com/DavidLambertCyber/share/master/badType_log4j_2.17.2_cyclonedx_1.3_sbom.jsonl) ``` ->$ cyclonedx-cli validate --input-file ./badType_log4j_2.17.2_cyclonedx_1.3_sbom.json Unable to validate against any...
When an SBOM describes an application (A) which is built on top of a complex component (B) for which a separate SBOM is available, there is a need to ensure...
I've merged 2 SBOMs, but found that resulting SBOM doesn't contain `metadata.component` from original SBOMs. Executed command: ``` cyclonedx-cli merge \ --input-files ${NGINX_REPORTS}/Details/Anchore-SBOM.xml ${NGINX_REPORTS}/Details/CI-SBOM.xml \ --output-file ${NGINX_REPORTS}/Details/SBOM-merged.xml ``` If add...
I've merged 2 SBOMs, but found that resulting SBOM doesn't contain metadata.component from original SBOMs. Executed command: `cyclonedx-cli merge --input-files ${NGINX_REPORTS}/Details/Anchore-SBOM.xml ${NGINX_REPORTS}/Details/CI-SBOM.xml --output-file ${NGINX_REPORTS}/Details/SBOM-merged.xml` Here is what I see at...
Not able to run the given dockerfile, after cloning the repo as I am getting below error message. "COPY failed: file not found in build context or excluded by .dockerignore:...
When running the cyclonedx-win-x64 CLI, it is prefixing the file to be added with a "\\" and looking for it in the drive root and thus throwing the FileNotFoundException. Adding...
I'd like to be able to do things like set the authors and supplier in the BOM's metadata when merging.
Using the CLI to convert CSV files to CycloneDX SBOMs. The CLI convert option does not appear to pull in data from a column named "Dependencies". It either doesn't support...