CycloneDX
CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.
From: https://www.cyclonedx.org/
Example with Anchore Grype:
./grype defectdojo/defectdojo-django:1.13.1 -o cyclonedx > report.xml
Example with the cyclonedx-bom tool:
pip install cyclonedx-bom
cyclonedx-py
Usage: cyclonedx-py [OPTIONS]
Options:
-i <path> - the alternate filename to a frozen requirements.txt
-o <path> - the bom file to create
-j - generate JSON instead of XML
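Whichever tool produces the report, a CycloneDX consumer has to join each vulnerability's `affects` references back to components through their `bom-ref`. As an added example (not DefectDojo's own parser code), the following Python reads a CycloneDX JSON BOM and performs that join; the BOM contents, component names and CVE id are constructed placeholders.

```python
import json

# Constructed minimal CycloneDX JSON BOM (sample data, not a real scan;
# the bom-refs and the CVE id are placeholders).
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "bom-ref": "pkg:pypi/example-lib@1.2.3",
         "name": "example-lib", "version": "1.2.3"},
        {"type": "library", "bom-ref": "pkg:pypi/other-lib@4.5.6",
         "name": "other-lib", "version": "4.5.6"},
    ],
    "vulnerabilities": [
        {"id": "CVE-0000-00000",  # placeholder identifier
         "ratings": [{"severity": "medium", "method": "CVSSv2"},
                     {"severity": "high", "method": "CVSSv3", "score": 7.5}],
         "description": "constructed example vulnerability",
         "affects": [{"ref": "pkg:pypi/example-lib@1.2.3"}]},
    ],
})

# Lower number = more severe; used to pick the worst of several ratings.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3,
                  "info": 4, "none": 4, "unknown": 5}


def load_findings(bom_text):
    """Return one finding per (vulnerability, affected component) pair.

    Vulnerabilities reference components by bom-ref, so the component index
    is built first and each 'affects' entry is resolved against it. A dangling
    ref yields a finding with component=None instead of being silently dropped.
    """
    bom = json.loads(bom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON BOM")
    components = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    findings = []
    for vuln in bom.get("vulnerabilities", []):
        severities = [r.get("severity", "unknown").lower() for r in vuln.get("ratings", [])]
        severity = min(severities, key=lambda s: SEVERITY_ORDER.get(s, 5), default="unknown")
        for target in vuln.get("affects") or [{"ref": None}]:
            comp = components.get(target.get("ref"))
            findings.append({
                "vuln_id": vuln.get("id"),
                "severity": severity,
                "component": comp["name"] if comp else None,
                "version": comp.get("version") if comp else None,
                "description": vuln.get("description", ""),
            })
    return findings
```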
Sample Scan Data
Sample CycloneDX scans can be found here.
Last modified November 18, 2024: Merge pull request #11287 from DefectDojo/master-into-dev/2.40.2-2.41.0-dev (3b0fd30)