socket cdxgen
cdxgen [command]
Commands:
cdxgen completion Generate bash/zsh completion
Options:
-o, --output Output file. Default bom.json [default: "bom.json"]
-t, --type Project type. Please refer to https://cyclonedx.github.io/cdxgen/#/PROJECT_TYPES for supp
orted languages/platforms. [array]
--exclude-type Project types to exclude. Please refer to https://cyclonedx.github.io/cdxgen/#/PROJECT_TY
PES for supported languages/platforms.
-r, --recurse Recurse mode suitable for mono-repos. Defaults to true. Pass --no-recurse to disable.
[boolean] [default: true]
-p, --print Print the SBOM as a table with tree. [boolean]
-c, --resolve-class Resolve class names for packages. jars only for now. [boolean]
--deep Perform deep searches for components. Useful while scanning C/C++ apps, live OS and oci i
mages. [boolean]
--server-url Dependency track url. Eg: https://deptrack.cyclonedx.io
--skip-dt-tls-check Skip TLS certificate check when calling Dependency-Track. [boolean] [default: false]
--api-key Dependency track api key
--project-group Dependency track project group
--project-name Dependency track project name. Default use the directory name
--project-version Dependency track project version [string] [default: ""]
--project-id Dependency track project id. Either provide the id or the project name and version togeth
er [string]
--parent-project-id Dependency track parent project id [string]
--required-only Include only the packages with required scope on the SBOM. Would set compositions.aggrega
te to incomplete unless --no-auto-compositions is passed. [boolean]
--fail-on-error Fail if any dependency extractor fails. [boolean]
--no-babel Do not use babel to perform usage analysis for JavaScript/TypeScript projects. [boolean]
--generate-key-and-sign Generate an RSA public/private key pair and then sign the generated SBOM using JSON Web S
ignatures. [boolean]
--server Run cdxgen as a server [boolean]
--server-host Listen address [default: "127.0.0.1"]
--server-port Listen port [default: "9090"]
--install-deps Install dependencies automatically for some projects. Defaults to true but disabled for c
ontainers and oci scans. Use --no-install-deps to disable this feature. [boolean]
--validate Validate the generated SBOM using json schema. Defaults to true. Pass --no-validate to di
sable. [boolean] [default: true]
--evidence Generate SBOM with evidence for supported languages. [boolean] [default: false]
--spec-version CycloneDX Specification version to use. Defaults to 1.5 [number] [default: 1.5]
--filter Filter components containing this word in purl or component.properties.value. Multiple va
lues allowed. [array]
--only Include components only containing this word in purl. Useful to generate BOM with first p
arty components alone. Multiple values allowed. [array]
--author The person(s) who created the BOM. Set this value if you're intending the modify the BOM
and claim authorship. [array] [default: "OWASP Foundation"]
--profile BOM profile to use for generation. Default generic.
[choices: "appsec", "research", "operational", "threat-modeling", "license-compliance", "generic"] [default: "generic"
]
--exclude Additional glob pattern(s) to ignore [array]
--include-formulation Generate formulation section with git metadata and build tools. Defaults to false.
[boolean] [default: false]
--include-crypto Include crypto libraries as components. [boolean] [default: false]
--standard The list of standards which may consist of regulations, industry or organizational-specif
ic standards, maturity models, best practices, or any other requirements which can be eva
luated against or attested to.
[array] [choices: "asvs-4.0.3", "bsimm-v13", "masvs-2.0.0", "nist_ssdf-1.1", "pcissc-secure-slc-1.1", "scvs-1.0.0", "s
saf-DRAFT-2023-11"]
--auto-compositions Automatically set compositions when the BOM was filtered. Defaults to true
[boolean] [default: true]
-h, --help Show help [boolean]
-v, --version Show version number [boolean]
Examples:
cdxgen -t java . Generate a Java SBOM for the current directory
cdxgen -t java -t js . Generate a SBOM for Java and JavaScript in the current directory
cdxgen --server Run cdxgen as a server
for documentation, visit https://cyclonedx.github.io/cdxgen
Updated 3 months ago