cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
For components that a development team knows are modified, CycloneDX CLI should ideally be able to reach out into the VCS (git) and retrieve the commits that make a modified...
Original issue in the node.js implementation: https://github.com/CycloneDX/cyclonedx-node-module/issues/113. Setting the name and version of the top-level component is the minimum first implementation. Additionally, it would be good to be able to set/add to the...
The CLI tool should support automatic resolving and augmentation of license information, when it is missing, for components in an SBOM. For components with an external reference to a GitHub...
As part of the release process there should be some basic tests run using the created single file executable for all platforms. The perfect example for this is issue #85
It would be useful to have a new `scope-change` option for the Diff command to examine SBOMs for changes in scope (required/optional). 1. I think that...
This is a more specific continuation of #31 The output should indicate any component licenses that have been added, removed or modified when evaluated at the assembled software level.
When working with dependencies, it's important to understand how they're introduced. Since CycloneDX 1.2, dependency graphs are part of the core spec. For previous spec versions, there is a [dependency...
Add option to check for updates, and, if possible, an in place upgrade. It should be simple for *nix but I think on windows file locking will mean needing a...
One of the benefits of an SBOM-first approach in a build pipeline is being able to correct component identity and other data during a build. Examples: * Correcting...
The cyclonedx-cli tool creates an empty ```` node inside the ```` node, when no such reference exists in the input data. How to reproduce: Example BOM 1 with a patch...