{"id":37056515,"url":"https://github.com/mtsfoni/cdx-enrich","last_synced_at":"2026-01-14T06:23:05.853Z","repository":{"id":245694626,"uuid":"806756764","full_name":"mtsfoni/cdx-enrich","owner":"mtsfoni","description":"Enriches CycloneDX Software Bills of Materials (SBOM) with predefined data","archived":false,"fork":false,"pushed_at":"2025-06-01T11:44:36.000Z","size":30,"stargazers_count":8,"open_issues_count":2,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-07T04:18:04.640Z","etag":null,"topics":["cyclonedx","dependency-track","json","license","license-management","owasp","sbom","sbom-generator","spdx","xml"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mtsfoni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-27T20:51:15.000Z","updated_at":"2025-10-02T09:51:00.000Z","dependencies_parsed_at":"2024-06-23T14:19:24.138Z","dependency_job_id":"74ec5195-58a8-4b17-9fdd-af799509eb08","html_url":"https://github.com/mtsfoni/cdx-enrich","commit_stats":null,"previous_names":["mtsfoni/cdx-enrich"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mtsfoni/cdx-enrich","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtsfoni%2Fcdx-enrich","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtsfoni%2Fcdx-enrich/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtsfoni%2Fcdx-enrich/releases","manifests_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/mtsfoni%2Fcdx-enrich/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mtsfoni","download_url":"https://codeload.github.com/mtsfoni/cdx-enrich/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtsfoni%2Fcdx-enrich/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28412211,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyclonedx","dependency-track","json","license","license-management","owasp","sbom","sbom-generator","spdx","xml"],"created_at":"2026-01-14T06:23:05.114Z","updated_at":"2026-01-14T06:23:05.844Z","avatar_url":"https://github.com/mtsfoni.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cdx-enrich\n\ncdx-enrich is a .NET tool designed to enrich a CycloneDX Bill-of-Materials (BOM) with predefined data. 
It processes a CycloneDX SBOM and applies transformations declared in a configuration file, allowing users to enhance SBOMs generated by tools that might not capture all necessary details.\n\n## Features\n\n- Enrich your SBOM with data your generator couldn't find.\n- Transform CycloneDX SBOM files based on a configuration file.\n- Designed as a pipeline step in between SBOM-generation and upload to Dependency-Track.\n\n## Installation\n\ncdx-enrich requires .NET 8 to be installed.\n\nTo install cdx-enrich, use the .NET CLI:\n\n```sh\ndotnet tool install -g cdx-enrich\n```\n\n## Usage\n\nThe cdx-enrich tool provides several command-line options to specify input files, output files, and configuration files.\n\n### Command-Line Options\n```sh\nArguments:\n  \u003cinput file\u003e  The path to a CycloneDX SBOM to enrich.\n\nOptions:\n  -if, --input-format \u003cAuto|JSON|XML\u003e   Specify the input file format, if necessary. [default: Auto]\n  -o, --output-file \u003coutput-file\u003e       Path to save the enriched SBOM. Leave blank to overwrite the input file.\n  -of, --output-format \u003cAuto|JSON|XML\u003e  Specify the output file format. 
[default: Auto]\n  -c, --config-files \u003cconfig-files\u003e     Path to one or more configuration files.\n  --version                             Show version information\n  -?, -h, --help                        Show help and usage information\n```\n\n### Examples\n\n#### Example 1: Basic Usage\n\n```sh\ncdx-enrich sbom.json -c config.yaml\n```\n\nThis command takes an input SBOM (`sbom.json`), applies transformations defined in `config.yaml`, and writes the enriched SBOM back to `sbom.json`.\n\n#### Example 2: Specifying Formats \u0026 Separate output file\n\n```sh\ncdx-enrich sbom.cdx -if XML -o enriched_sbom.cdx -of JSON -c config.yaml\n```\n\nThis command explicitly specifies the input format as XML and the output format as JSON, and writes the enriched SBOM to a separate file (`enriched_sbom.cdx`).\n\n#### Example 3: Using Multiple Configuration Files\n\n```sh\ncdx-enrich input.bom.json -o output.bom.json -c project.yaml organization.yaml\n```\n\nThis command takes an input SBOM (`input.bom.json`), applies transformations defined in both `project.yaml` and `organization.yaml`, and writes the enriched SBOM to `output.bom.json`.\n\nEach configuration file can contain different sets of transformations, and they are applied in the order specified.\n\n## Configuration File\n\nThe configuration file defines the transformations to be applied to the SBOM. Currently, two actions are supported: `ReplaceLicensesByURL` and `ReplaceLicenseByBomRef`.\n\n### Example Configuration\n\n```yaml\nReplaceLicensesByURL:\n- URL: \"https://github.com/dotnet/corefx/blob/master/LICENSE.TXT\"\n  Id: \"MIT\"\n- URL: \"http://go.microsoft.com/fwlink/?LinkID=262998\"\n  Name: \"MICROSOFT SOFTWARE LICENSE TERMS - MICROSOFT .NET LIBRARY\"\n\nReplaceLicenseByBomRef:\n- Ref: \"pkg:nuget/Json.More.Net@1.9.0\"\n  Id: \"MIT\"  \n```\n\n### Actions\n\n#### ReplaceLicensesByURL\n\nThis action replaces licenses in components that match a specific URL. 
The replacement can specify either an SPDX License ID or a name for the license, but not both.\n\n- **URL:** The URL of the license to be replaced.\n- One of:\n  - **Id:** The new SPDX License ID.\n  - **Name:** The new license name.\n\n#### ReplaceLicenseByBomRef\n\nThis action replaces licenses in a specific component identified by its BOM reference. The replacement can specify either an SPDX License ID or a name for the license, but not both.\n\n- **Ref:** The BOM reference of the component whose license is to be replaced.\n- One of:\n  - **Id:** The new SPDX License ID.\n  - **Name:** The new license name.\n\n## Issues and Contributions\n\nIf you need additional actions or encounter issues, please open an issue on the GitHub repository. \n\nThe tool is written so that new actions can be easily added. Ensure you follow the coding style and the functional structure, and include tests where applicable. Use an existing action as a template.\n\n## License\n\ncdx-enrich is licensed under the Apache 2.0 License. See the LICENSE file for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmtsfoni%2Fcdx-enrich","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmtsfoni%2Fcdx-enrich","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmtsfoni%2Fcdx-enrich/lists"}