cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
The documentation needs a review before an official v1 release. Current TODO: - [ ] basic example usage for each command - [ ] more docker image usage examples -...
It is not clear to me - does the cli tool support JSF signatures? The advantage is that verification can be done on the SBOM without an additional public key...
CycloneDX SBOMs can be signed at the root bom level and can also be signed on a component level. This enhancement request is to add support for applying signatures to...
When I start the CLI I get the following message: To automatically close the console when debugging stops, enable Tools->Options->Debugging->Automatically close the console when debugging stops. Press any key to...
### Problem overview CycloneDX tools vary in their support for dependency graph information. For example, `cyclonedx-dotnet`@0.19.0 supports it, while `cyclonedx-node-module` does not due to https://github.com/CycloneDX/cyclonedx-node-module/issues/61. When merging SBOMs in a...
After upgrading `cyclonedx-cli` from v0.16.0 to v0.19.0, it was observed that XML BOMs produced by the `merge` command started being rejected when uploaded to Dependency Track v4.3.6. The issue is...
There are a few use cases I'd like to cover off: - [x] generate BOM for files in a directory - [x] add files in directory to existing BOM (where they...
When a component has been included with hashes it would be great to be able to report on component hashes compared to publicly available component hashes. i.e. a component with...
The CLI should support diffing component hashes. This would allow for very basic integrity checks. Not sure if it'd be relevant to the user if hashes have been added or...
cyclonedx-cli 0.14.0 is not validating a BOM [jake-bom.xml](https://github.com/sonatype-nexus-community/cyclonedx-sbom-examples/blob/master/jake-bom.xml) from Sonatype's [cyclonedx-sbom-examples](https://github.com/sonatype-nexus-community/cyclonedx-sbom-examples) repo. The BOM appears to be schema v1.1 using the vulnerability extension. It is not pretty printed, so here...