https://github.com/ozonru/cyclonedx-go

Creates a CycloneDX Software Bill of Materials (SBOM) from Go projects, so you can feed it to Dependency-Track to monitor security issues in third-party modules.
bill-of-materials bom component-analysis cyclonedx sbom security security-tools software-composition-analysis

README

# cyclonedx-go

The CycloneDX module for Go creates a valid CycloneDX bill-of-material document containing an aggregate of all project dependencies. [CycloneDX](https://cyclonedx.org) is a lightweight BOM specification that is easily created, human readable, and simple to parse.

## Requirements

* Go >= 1.11
* :warning: It works only for projects with the [Modules](https://blog.golang.org/using-go-modules) feature enabled

## Install

### Local Installation

```bash
go get github.com/ozonru/cyclonedx-go/cmd/cyclonedx-go
```

## Usage

Navigate to the project directory and run `cyclonedx-go`. It reads the output of the `go list -json -m all` command and prints the resulting BOM. You can specify a destination file for the result with the `-o` option.

### Sample output

```bash
$ cyclonedx-go
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- element tags reconstructed around the surviving values; the schema namespace/version is assumed -->
<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1">
  <components>
    <component type="library">
      <name>github.com/google/uuid</name>
      <version>1.1.1</version>
      <purl>pkg:golang/github.com/google/uuid@1.1.1</purl>
    </component>
    <component type="library">
      <name>github.com/package-url/packageurl-go</name>
      <version>0.1.0</version>
      <purl>pkg:golang/github.com/package-url/packageurl-go@0.1.0</purl>
    </component>
  </components>
</bom>
```
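An added example, not code from cyclonedx-go itself, of the mechanism the Usage section describes: decoding the stream of JSON objects that `go list -json -m all` prints and deriving the name/version/purl triple that lands in each `<component>`. The `Main` and `Replace` fields are the ones `go list -m -json` really emits; the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Module holds the fields of `go list -json -m all` output that a BOM needs.
type Module struct {
	Path, Version string
	Main          bool
	Replace       *Module
}
type Component struct{ Name, Version, Purl string } // one CycloneDX <component>

// ParseModules decodes the concatenated JSON objects `go list -json -m all` prints.
// The main module (no version) is skipped, and a replace directive that names a
// version wins, so the BOM records what is actually compiled in, not what go.mod says.
func ParseModules(r io.Reader) ([]Component, error) {
	dec := json.NewDecoder(r)
	var out []Component
	for {
		var m Module
		if err := dec.Decode(&m); err == io.EOF {
			break
		} else if err != nil {
			return nil, err
		}
		if m.Main {
			continue
		}
		if m.Replace != nil && m.Replace.Version != "" {
			m = *m.Replace
		}
		out = append(out, Component{m.Path, m.Version, fmt.Sprintf("pkg:golang/%s@%s", m.Path, m.Version)})
	}
	return out, nil
}

func main() {
	// Constructed sample standing in for real `go list -json -m all` output.
	sample := `{"Path": "example.com/app", "Main": true}
{"Path": "github.com/google/uuid", "Version": "v1.1.1"}
{"Path": "github.com/old/lib", "Version": "v0.1.0", "Replace": {"Path": "github.com/new/lib", "Version": "v0.2.0"}}`
	comps, err := ParseModules(strings.NewReader(sample))
	if err != nil { panic(err) }
	fmt.Printf("%+v\n", comps)
}
```

Note that `go list` reports versions with a leading `v`, while the sample output above shows them without it; whichever form you emit, keep it consistent so purls match what Dependency-Track expects.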

## License

Permission to modify and redistribute is granted under the terms of the GPL-3 license.