cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Results 152 cyclonedx-cli issues

[hello.spdx.json.txt](https://github.com/CycloneDX/cyclonedx-cli/files/12818323/hello.spdx.json.txt) [hello-cyclonedx.json.txt](https://github.com/CycloneDX/cyclonedx-cli/files/12818326/hello-cyclonedx.json.txt) [hello-cyclonedx-spdx.json.txt](https://github.com/CycloneDX/cyclonedx-cli/files/12818328/hello-cyclonedx-spdx.json.txt) Convert from SPDX to CycloneDX: ``` cyclonedx convert --input-file hello.spdx.json --input-format spdxjson --output-file hello-cyclonedx.json --output-format json ``` Convert the result to SPDX: ``` cyclonedx convert --input-file hello-cyclonedx.json...

Hello, and thanks for the awesome CLI -- it's helping me merge up a bunch of SBOMs. However, I noticed that my SBOMs have duplicate components in them. I think...

When I use CycloneDX-CLI to convert formats (json, xml) or SPDX format, the metadata/author and supplier fields are omitted. The dependencies fields are also omitted. I want to know if this is intended or...

I have created an SBOM using Syft for the following docker image: debian:bookworm-slim. Here is the produced SBOM: [syft-bom.zip](https://github.com/CycloneDX/cyclonedx-cli/files/12716957/syft-bom.zip) When I validate it using cyclonedx-cli, I get the following error:...

Integration of cyclonedx-linux-x64 in a GitHub pipeline using the docker:stable image is failing, as the image's underlying OS, Alpine Linux, is not compatible with cyclonedx-linux-x64. Please provide a solution for this...

...or to handle filenames in paths which have spaces. Not tested yet, and C# is not my native language, so please bear with me :) UPDATE: Now tested, as detailed...

Changes - Updates documentation reference to include cyclonedx v1.5, from https://github.com/CycloneDX/cyclonedx-cli/pull/337 - Changes reference to default version, from 1.4 to 1.5

Improve JSON validation, in particular if you don't specify the specification version. This helps to address https://github.com/CycloneDX/cyclonedx-cli/issues/221. On the given example, it will result in: ``` cyclonedx.exe validate --input-file badType_log4j_2.17.2_cyclonedx_1.3_sbom.json...

…and optionally avoid writing an invalid document Came up while testing https://github.com/CycloneDX/cyclonedx-dotnet-library/pull/245 but is a relatively independent feature, given that we juggle several versions of faulty merge generator and JSON...

…to CleanupMetadataComponent() and CleanupEmptyLists() as a finishing touch, to avoid inducing a spec violation with a duplicate bom-ref The new cleanup features depend on library PR https://github.com/CycloneDX/cyclonedx-dotnet-library/pull/245