CycloneDX

CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

From: https://www.cyclonedx.org/

Example with Anchore Grype:

./grype defectdojo/defectdojo-django:1.13.1 -o cyclonedx > report.xml

Example with cyclonedx-bom tool:

pip install cyclonedx-bom
cyclonedx-py
  Usage:  cyclonedx-py [OPTIONS]
  Options:
    -i <path> - the alternate filename to a frozen requirements.txt
    -o <path> - the bom file to create
    -j        - generate JSON instead of XML

Sample Scan Data

Sample CycloneDX scans can be found here.

Last modified February 5, 2024: Update versions (738dca4)