CycloneDX

CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

From: https://www.cyclonedx.org/

Example with Anchore Grype:

./grype defectdojo/defectdojo-django:1.13.1 -o cyclonedx > report.xml

Example with cyclonedx-bom tool:

pip install cyclonedx-bom
cyclonedx-py

  Usage:  cyclonedx-py [OPTIONS]
  Options:
    -i <path> - the alternate filename to a frozen requirements.txt
    -o <path> - the bom file to create
    -j        - generate JSON instead of XML

Sample Scan Data

Sample CycloneDX scans can be found here.

Last modified April 25, 2024: Merge pull request #10039 from DefectDojo/release/2.33.6 (c4ea89b)