https://github.com/ozonru/cyclonedx-go
Creates a CycloneDX Software Bill-of-Materials (SBOM) from Go projects, so you can feed it to DependencyTrack to monitor security issues in third-party modules.
bill-of-materials bom component-analysis cyclonedx sbom security security-tools software-composition-analysis
- Host: GitHub
- URL: https://github.com/ozonru/cyclonedx-go
- Owner: ozonru
- License: gpl-3.0
- Created: 2020-01-30T07:29:09.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-02-26T09:50:42.000Z (about 6 years ago)
- Last Synced: 2024-06-20T05:06:43.970Z (over 1 year ago)
- Topics: bill-of-materials, bom, component-analysis, cyclonedx, sbom, security, security-tools, software-composition-analysis
- Language: Go
- Homepage:
- Size: 31.3 KB
- Stars: 21
- Watchers: 9
- Forks: 3
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# cyclonedx-go
The CycloneDX module for Go creates a valid CycloneDX bill-of-material document containing an aggregate of all project dependencies. [CycloneDX](https://cyclonedx.org) is a lightweight BOM specification that is easily created, human readable, and simple to parse.
## Requirements
* Go >= 1.11
* :warning: It only works for projects with the Go [Modules](https://blog.golang.org/using-go-modules) feature enabled
## Install
### Local Installation
```bash
go get github.com/ozonru/cyclonedx-go/cmd/cyclonedx-go
```
## Usage
Navigate to the project directory and run `cyclonedx-go`. It reads the output of the `go list -json -m all` command run there and prints the resulting BOM. You can write the result to a file instead with the `-o` option.
### Sample output
```bash
$ cyclonedx-go
```
```xml
<component type="library">
  <name>github.com/google/uuid</name>
  <version>1.1.1</version>
  <purl>pkg:golang/github.com/google/uuid@1.1.1</purl>
</component>
<component type="library">
  <name>github.com/package-url/packageurl-go</name>
  <version>0.1.0</version>
  <purl>pkg:golang/github.com/package-url/packageurl-go@0.1.0</purl>
</component>
```
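The core of the step described above, decoding `go list -json -m all` output and mapping each module to a CycloneDX component with a `pkg:golang` purl, as an added example that is not the project's own code. It assumes the CycloneDX 1.1 XML namespace, and the `goListSample` input is constructed; it also covers the `replace` directive, which the BOM must reflect because the replacement is what actually gets built.

```go
package main

import (
	"encoding/json"
	"encoding/xml"
	"io"
)

// goModule holds the `go list -json -m all` fields a BOM needs.
type goModule struct {
	Path, Version string
	Replace       *goModule
}
// component and bom form a minimal CycloneDX 1.1 document of library components.
type component struct {
	Type    string `xml:"type,attr"`
	Name    string `xml:"name"`
	Version string `xml:"version"`
	PURL    string `xml:"purl"`
}
type bom struct {
	XMLName    xml.Name    `xml:"http://cyclonedx.org/schema/bom/1.1 bom"`
	Components []component `xml:"components>component"`
}

// BuildBOM decodes the stream of JSON objects that `go list -json -m all` prints
// (one object per module, not a JSON array) into CycloneDX components.
func BuildBOM(goList io.Reader) (*bom, error) {
	b := &bom{}
	dec := json.NewDecoder(goList)
	for dec.More() {
		var m goModule
		if err := dec.Decode(&m); err != nil {
			return nil, err
		}
		if m.Replace != nil {
			m = *m.Replace // the replacement is what gets built, so it is what the BOM must list
		}
		if m.Version == "" { // the main module and filesystem replaces carry no version
			continue
		}
		b.Components = append(b.Components, component{Type: "library", Name: m.Path,
			Version: m.Version, PURL: "pkg:golang/" + m.Path + "@" + m.Version})
	}
	return b, nil
}
// goListSample is constructed input in the shape of `go list -json -m all`.
const goListSample = `{"Path":"example.com/app","Main":true}
{"Path":"github.com/google/uuid","Version":"1.1.1"}
{"Path":"github.com/package-url/packageurl-go","Version":"0.1.0"}
{"Path":"example.com/old","Version":"0.0.1","Replace":{"Path":"example.com/new","Version":"0.2.0"}}`
```

Marshalling the returned `bom` with `xml.MarshalIndent` yields the `<components>` list shown in the sample output above, wrapped in a namespaced `<bom>` root.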
## License
Permission to modify and redistribute is granted under the terms of the GPL-3 license.