CycloneDX
CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.
From: https://www.cyclonedx.org/
Example with Anchore Grype:
./grype defectdojo/defectdojo-django:1.13.1 -o cyclonedx > report.xml
Example with the cyclonedx-bom tool:
pip install cyclonedx-bom
cyclonedx-py
Usage: cyclonedx-py [OPTIONS]
Options:
-i <path> - the alternate filename to a frozen requirements.txt
-o <path> - the bom file to create
-j - generate JSON instead of XML
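The two commands above produce a CycloneDX SBOM in XML (grype) or JSON (cyclonedx-py with -j), and DefectDojo's import turns the vulnerabilities it carries into findings. The following added example, which is not DefectDojo's parser and not code from either tool, shows how a reader of such a document works: it indexes components by bom-ref, resolves each vulnerability's affects entries against that index, and keeps the worst rating when several are present. The two sample documents are constructed for illustration and the vulnerability ids are placeholders, not real advisories.

```python
"""Flatten CycloneDX 1.4-style vulnerability entries into finding records.
Example code; not DefectDojo's parser. Sample documents are constructed."""
import json
import xml.etree.ElementTree as ET

# Rank used to pick the worst rating when a vulnerability carries several.
SEVERITY_RANK = {"critical": 5, "high": 4, "medium": 3, "low": 2, "info": 1}

# Constructed sample shaped like `cyclonedx-py -j` output plus a vulnerabilities block.
SAMPLE_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "bom-ref": "pkg:pypi/examplelib@1.0.0", "name": "examplelib",
         "version": "1.0.0", "purl": "pkg:pypi/examplelib@1.0.0"},
        {"type": "library", "bom-ref": "pkg:pypi/otherlib@2.3.4", "name": "otherlib",
         "version": "2.3.4", "purl": "pkg:pypi/otherlib@2.3.4"},
    ],
    "vulnerabilities": [
        {"id": "PLACEHOLDER-0001", "source": {"name": "example-db"},
         "ratings": [{"severity": "medium", "method": "other"},
                     {"severity": "high", "method": "CVSSv3"}],
         "affects": [{"ref": "pkg:pypi/examplelib@1.0.0"}]},
        # No ratings and a ref that matches no component: both must be handled.
        {"id": "PLACEHOLDER-0002", "affects": [{"ref": "pkg:pypi/does-not-exist@0.0.1"}]},
    ],
})

# Constructed sample shaped like XML output (e.g. `grype -o cyclonedx`).
SAMPLE_XML = """<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library" bom-ref="pkg:pypi/examplelib@1.0.0">
      <name>examplelib</name><version>1.0.0</version>
      <purl>pkg:pypi/examplelib@1.0.0</purl>
    </component>
  </components>
  <vulnerabilities>
    <vulnerability bom-ref="vuln-1">
      <id>PLACEHOLDER-0003</id>
      <source><name>example-db</name></source>
      <ratings><rating><severity>critical</severity></rating></ratings>
      <affects><target><ref>pkg:pypi/examplelib@1.0.0</ref></target></affects>
    </vulnerability>
  </vulnerabilities>
</bom>"""


def worst_severity(severities):
    """Highest-ranked severity among the given strings, or 'unknown' if none."""
    sevs = [s.lower() for s in severities if s]
    return max(sevs, key=lambda s: SEVERITY_RANK.get(s, 0)) if sevs else "unknown"


def _finding(vuln_id, source, severity, ref, components):
    """Build one flat record; an unresolved ref keeps the raw ref as the name."""
    comp = components.get(ref, {"name": ref, "version": "", "purl": ""})
    return {"id": vuln_id, "source": source, "severity": severity, "component": comp["name"],
            "version": comp["version"], "purl": comp["purl"], "component_known": ref in components}


def findings_from_json(text):
    """Parse a CycloneDX JSON document into a list of finding records."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    components = {c.get("bom-ref") or c.get("purl"): {"name": c.get("name", ""),
                  "version": c.get("version", ""), "purl": c.get("purl", "")}
                  for c in doc.get("components", [])}
    findings = []
    for v in doc.get("vulnerabilities", []):
        severity = worst_severity(r.get("severity") for r in v.get("ratings", []))
        source = v.get("source", {}).get("name", "")
        for a in v.get("affects", []):
            findings.append(_finding(v.get("id", ""), source, severity, a.get("ref"), components))
    return findings


def findings_from_xml(text):
    """Parse a CycloneDX XML document (any bom namespace version) into findings."""
    root = ET.fromstring(text)
    ns = root.tag[1:root.tag.index("}")] if root.tag.startswith("{") else ""
    q = lambda tag: f"{{{ns}}}{tag}" if ns else tag
    if root.tag != q("bom"):
        raise ValueError("not a CycloneDX XML document")
    components = {}
    for c in root.iter(q("component")):  # iter() also reaches nested components
        ref = c.get("bom-ref") or c.findtext(q("purl"), "")
        components[ref] = {"name": c.findtext(q("name"), ""),
                           "version": c.findtext(q("version"), ""), "purl": c.findtext(q("purl"), "")}
    findings = []
    for v in root.iter(q("vulnerability")):
        severity = worst_severity(s.text for s in v.iter(q("severity")))
        source = v.findtext(f"{q('source')}/{q('name')}", "")
        for ref in v.findall(f"{q('affects')}/{q('target')}/{q('ref')}"):
            findings.append(_finding(v.findtext(q("id"), ""), source, severity, ref.text, components))
    return findings


if __name__ == "__main__":
    for f in findings_from_json(SAMPLE_JSON) + findings_from_xml(SAMPLE_XML):
        print(f"{f['severity']:<8} {f['id']} in {f['component']} {f['version']}".rstrip())
```

Two details matter for a robust import: the component index is keyed by bom-ref (falling back to purl) because that is what affects entries reference, and a vulnerability whose ref matches nothing, or that has no ratings at all, still yields a record marked as unresolved or of unknown severity rather than being dropped silently.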
Sample Scan Data
Sample CycloneDX scans can be found here.
Last modified October 21, 2024: Merge pull request #11110 from DefectDojo/release/2.39.2 (5c7de81)