{"id":20617794,"url":"https://github.com/cyclonedx/gh-node-module-generatebom","last_synced_at":"2026-03-13T14:33:46.877Z","repository":{"id":37045958,"uuid":"279419905","full_name":"CycloneDX/gh-node-module-generatebom","owner":"CycloneDX","description":"GitHub action to generate a CycloneDX SBOM for Node.js","archived":false,"fork":false,"pushed_at":"2025-01-10T12:19:56.000Z","size":127,"stargazers_count":21,"open_issues_count":3,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-13T17:43:54.366Z","etag":null,"topics":["bill-of-materials","bom","cyclonedx","gh-action","github-action","node","nodejs","owasp","sbom","sbom-generator","software-bill-of-materials"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CycloneDX.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":["https://owasp.org/donate/?reponame=www-project-cyclonedx\u0026title=OWASP+CycloneDX"]}},"created_at":"2020-07-13T21:55:46.000Z","updated_at":"2025-01-10T12:19:56.000Z","dependencies_parsed_at":"2024-01-06T12:38:52.198Z","dependency_job_id":"a9bd8ccd-58ff-4c2f-90dd-23313f6979dc","html_url":"https://github.com/CycloneDX/gh-node-module-generatebom","commit_stats":{"total_commits":23,"total_committers":4,"mean_commits":5.75,"dds":0.3913043478260869,"last_synced_commit":"c8f2f2c54430c464ab9dc7a33754e7c0eb293263"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
repositories/CycloneDX%2Fgh-node-module-generatebom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fgh-node-module-generatebom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fgh-node-module-generatebom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fgh-node-module-generatebom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CycloneDX","download_url":"https://codeload.github.com/CycloneDX/gh-node-module-generatebom/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249061529,"owners_count":21206522,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bill-of-materials","bom","cyclonedx","gh-action","github-action","node","nodejs","owasp","sbom","sbom-generator","software-bill-of-materials"],"created_at":"2024-11-16T12:05:59.357Z","updated_at":"2026-03-13T14:33:46.821Z","avatar_url":"https://github.com/CycloneDX.png","language":"JavaScript","funding_links":["https://owasp.org/donate/?reponame=www-project-cyclonedx\u0026title=OWASP+CycloneDX"],"categories":[],"sub_categories":[],"readme":"\u003e [!NOTE]\n\u003e This GitHub Action is considered deprecated.  
\n\u003e Instead, you may use one of the following tools in your GitHub workflow:\n\u003e\n\u003e - for NPM projects: [`@cyclonedx/cyclonedx-npm`](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-npm)\n\u003e   ```yaml\n\u003e   - name: Create SBOM step\n\u003e     # see for usage: https://www.npmjs.com/package/%40cyclonedx/cyclonedx-npm\n\u003e     run: npx @cyclonedx/cyclonedx-npm --help\n\u003e   ```\n\u003e - for YARN projects: [`@cyclonedx/yarn-plugin-cyclonedx`](https://www.npmjs.com/package/%40cyclonedx/yarn-plugin-cyclonedx)\n\u003e   ```yaml\n\u003e   - name: Create SBOM step\n\u003e     # see for usage: https://www.npmjs.com/package/%40cyclonedx/yarn-plugin-cyclonedx\n\u003e     run: yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx --help\n\u003e   ```\n\u003e  - for PNPM projects: *to be announced*\n\nFor other Node.js related CycloneDX SBOM generators, see also: \u003chttps://github.com/CycloneDX/cyclonedx-node-module/blob/master/README.md#out-of-scope\u003e\n\n----\n\n[![Website](https://img.shields.io/badge/https://-cyclonedx.org-blue.svg)](https://cyclonedx.org/)\n[![Slack Invite](https://img.shields.io/badge/Slack-Join-blue?logo=slack\u0026labelColor=393939)](https://cyclonedx.org/slack/invite)\n[![Group Discussion](https://img.shields.io/badge/discussion-groups.io-blue.svg)](https://groups.io/g/CycloneDX)\n[![Twitter](https://img.shields.io/twitter/url/http/shields.io.svg?style=social\u0026label=Follow)](https://twitter.com/CycloneDX_Spec)\n\n# GitHub action to generate a CycloneDX SBOM for Node.js\n\nThis GitHub action will create a valid CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies. 
CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.\n\nThis GitHub action requires a node_modules directory so this action will typically need to run after an npm build.\n\n## Inputs\n\n### `path`\n\nThe path to a Node.js project, default is \"./\"\n\nBe sure to quote paths with spaces.\n\n### `output`\n\nOutput filename, default is \"./bom.xml\"\n\nBe sure to quote paths with spaces.\n\n## Example simple usage\n\n```yaml\nuses: CycloneDX/gh-node-module-generatebom@v1\n```\n\n## Example step that defines the output and path (both are optional)\n\n```yaml\n- name: Create SBOM step\n  uses: CycloneDX/gh-node-module-generatebom@v1\n  with:\n    path: './node_project/'\n    output: './bom_directory/test.app.bom.xml'\n```\n\n## Complete Action with npm build and SBOM creation\n\n```yaml\nname: Build javascript project\non: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n    name: Install and build javascript\n    steps:\n      - uses: actions/checkout@v3\n      - uses: actions/setup-node@v3\n        with:\n          node-version: '16'\n      - run: npm install\n      - name: Create SBOM with CycloneDX\n        uses: CycloneDX/gh-node-module-generatebom@v1\n        with: \n          output: './test.app.bom.xml'\n```\n\n## Internals\n\nThis action uses `@cyclonedx/bom@\u003c4`. See [`@cyclonedx/bom` in NPMjs](https://www.npmjs.com/package/@cyclonedx/bom).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclonedx%2Fgh-node-module-generatebom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyclonedx%2Fgh-node-module-generatebom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclonedx%2Fgh-node-module-generatebom/lists"}