{"id":21955210,"url":"https://github.com/voltone/sbom","last_synced_at":"2025-08-22T02:30:49.858Z","repository":{"id":35339707,"uuid":"217318187","full_name":"voltone/sbom","owner":"voltone","description":"Mix task to generate a Software Bill-of-Materials (SBoM) in CycloneDX format","archived":false,"fork":false,"pushed_at":"2025-05-28T07:58:23.000Z","size":47,"stargazers_count":38,"open_issues_count":2,"forks_count":18,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-13T00:14:09.222Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voltone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-10-24T14:23:13.000Z","updated_at":"2025-07-07T15:25:25.000Z","dependencies_parsed_at":"2024-11-29T10:02:37.615Z","dependency_job_id":null,"html_url":"https://github.com/voltone/sbom","commit_stats":{"total_commits":11,"total_committers":3,"mean_commits":"3.6666666666666665","dds":"0.18181818181818177","last_synced_commit":"798f700e576c6dd9b0b1285cc5afd8beeec9a3a4"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/voltone/sbom","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voltone%2Fsbom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voltone%2Fsbom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voltone%2Fsbom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voltone%2Fsbom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voltone","download_url":"https://codeload.github.com/voltone/sbom/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voltone%2Fsbom/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271575502,"owners_count":24783543,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-22T02:00:08.480Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-29T07:29:56.306Z","updated_at":"2025-08-22T02:30:49.624Z","avatar_url":"https://github.com/voltone.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SBoM\n\nGenerates a Software Bill-of-Materials (SBoM) for Mix projects, in [CycloneDX](https://cyclonedx.org)\nformat.\n\nFull documentation can be found at [https://hexdocs.pm/sbom](https://hexdocs.pm/sbom).\n\nFor a quick demo of how this might be used, check out [this blog post](https://blog.voltone.net/post/24).\n\n## Installation\n\nTo install the Mix task globally on your system, run `mix archive.install hex sbom`.\n\nAlternatively, the package can be added to a project's dependencies to make the\nMix task available for that project only:\n\n```elixir\ndef deps do\n  [\n    {:sbom, \"~\u003e 0.6\", only: :dev, runtime: false}\n  ]\nend\n```\n\n## Usage\n\nTo produce a CycloneDX SBoM, run `mix sbom.cyclonedx` from the project\ndirectory. The result is written to a file named `bom.xml`, unless a different\nname is specified using the `-o` option.\n\nBy default only the dependencies used in production are included. To include all\ndependencies, including those for the 'dev' and 'test' environments, pass the\n`-d` command line option: `mix sbom.cyclonedx -d`.\n\n*Note that MIX_ENV does not affect which dependencies are included in the\noutput; the task should normally be run in the default (dev) environment*\n\nFor more information on the command line arguments accepted by the Mix task\nrun `mix help sbom.cyclonedx`.\n\n## NPM packages and other dependencies\n\nThis tool only considers Hex, GitHub and BitBucket dependencies managed through\nMix. To build a comprehensive SBoM of a deployment, including NPM and/or\noperating system packages, it may be necessary to merge multiple CycloneDX files\ninto one.\n\nThe [@cyclonedx/bom](https://www.npmjs.com/package/@cyclonedx/bom) tool on NPM\ncan not only generate an SBoM for your JavaScript assets, but it can also merge\nin the output of the 'sbom.cyclonedx' Mix task and other scanners, through the\n'-a' option, producing a single CycloneDX XML file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoltone%2Fsbom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoltone%2Fsbom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoltone%2Fsbom/lists"}