https://github.com/zakodium/sbom-tools


# @zakodium/sbom-tools

[![NPM version](https://img.shields.io/npm/v/@zakodium/sbom-tools.svg)](https://www.npmjs.com/package/@zakodium/sbom-tools)
[![npm download](https://img.shields.io/npm/dm/@zakodium/sbom-tools.svg)](https://www.npmjs.com/package/@zakodium/sbom-tools)
[![test coverage](https://img.shields.io/codecov/c/github/zakodium/sbom-tools.svg)](https://codecov.io/gh/zakodium/sbom-tools)
[![license](https://img.shields.io/npm/l/@zakodium/sbom-tools.svg)](https://github.com/zakodium/sbom-tools/blob/main/LICENSE)

Tools to analyse CycloneDX SBOM files.

## Installation

```console
npm install @zakodium/sbom-tools
```

## Usage

### Generate SBOM file

The tools expect an SBOM file in CycloneDX JSON format, spec version 1.6.

#### npm

See the `@cyclonedx/cyclonedx-npm` package.

A compatible SBOM can be generated with:

```shell
npx --package @cyclonedx/cyclonedx-npm cyclonedx-npm --omit=dev --spec-version=1.6 --gather-license-texts --output-reproducible --output-file=sbom.json
```

#### Yarn

See the `@cyclonedx/yarn-plugin-cyclonedx` package.

A compatible SBOM can be generated with:

```shell
yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx --production --spec-version=1.6 --gather-license-texts --output-reproducible --output-file=sbom.json
```
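Before handing a generated `sbom.json` to any analysis tooling it is worth confirming that the generator actually produced what the commands above asked for: CycloneDX JSON at spec version 1.6, with every component carrying an identifier (`purl`), license data and integrity hashes, and a dependency graph whose references all resolve. The script below is an added example, not code from `@zakodium/sbom-tools` or from the CycloneDX generators; it assumes a document shaped like cyclonedx-npm output (`bom-ref`, `purl`, `licenses`, `hashes` and `dependencies` fields) and embeds a constructed sample so it runs offline.

```javascript
// Added example: sanity-check a CycloneDX JSON SBOM (not part of @zakodium/sbom-tools).
// Assumes the generator output from the commands above (CycloneDX JSON, spec 1.6).

const EXPECTED_FORMAT = 'CycloneDX';
const EXPECTED_SPEC = '1.6';

// Constructed sample, shaped like cyclonedx-npm output; the gaps are deliberate.
const SAMPLE_SBOM = {
  bomFormat: 'CycloneDX',
  specVersion: '1.6',
  version: 1,
  metadata: {
    component: { type: 'application', name: 'my-app', version: '1.0.0', 'bom-ref': 'my-app@1.0.0' },
  },
  components: [
    {
      type: 'library', name: 'left-pad', version: '1.3.0', 'bom-ref': 'left-pad@1.3.0',
      purl: 'pkg:npm/left-pad@1.3.0',
      licenses: [{ license: { id: 'MIT' } }],
      hashes: [{ alg: 'SHA-512', content: 'ab'.repeat(64) }],
    },
    {
      type: 'library', name: 'mystery-dep', version: '0.1.0', 'bom-ref': 'mystery-dep@0.1.0',
      purl: 'pkg:npm/mystery-dep@0.1.0',
      // licenses and hashes deliberately absent
    },
    {
      type: 'library', name: 'no-purl', version: '2.0.0', 'bom-ref': 'no-purl@2.0.0',
      licenses: [{ license: { id: 'ISC' } }],
      hashes: [{ alg: 'SHA-512', content: 'cd'.repeat(64) }],
      // purl deliberately absent: cannot be matched against advisory databases
    },
  ],
  dependencies: [
    { ref: 'my-app@1.0.0', dependsOn: ['left-pad@1.3.0', 'mystery-dep@0.1.0'] },
    { ref: 'left-pad@1.3.0', dependsOn: ['ghost@9.9.9'] }, // dangling reference
  ],
};

// Returns { ok, componentCount, problems } for a parsed CycloneDX JSON document.
function checkSbom(sbom) {
  const problems = [];
  if (sbom.bomFormat !== EXPECTED_FORMAT) {
    problems.push(`bomFormat is ${sbom.bomFormat}, expected ${EXPECTED_FORMAT}`);
  }
  if (sbom.specVersion !== EXPECTED_SPEC) {
    problems.push(`specVersion is ${sbom.specVersion}, expected ${EXPECTED_SPEC}`);
  }

  const components = Array.isArray(sbom.components) ? sbom.components : [];
  // Every bom-ref that a dependency entry may legitimately point at.
  const knownRefs = new Set();
  const rootRef = sbom.metadata?.component?.['bom-ref'];
  if (rootRef) knownRefs.add(rootRef);

  for (const c of components) {
    const id = `${c.name}@${c.version ?? '?'}`;
    if (c['bom-ref']) knownRefs.add(c['bom-ref']);
    if (!c.purl) problems.push(`${id}: missing purl`);
    if (!Array.isArray(c.licenses) || c.licenses.length === 0) problems.push(`${id}: no license information`);
    if (!Array.isArray(c.hashes) || c.hashes.length === 0) problems.push(`${id}: no integrity hashes`);
  }

  for (const d of sbom.dependencies ?? []) {
    if (!knownRefs.has(d.ref)) problems.push(`dependency ref ${d.ref} matches no component`);
    for (const dep of d.dependsOn ?? []) {
      if (!knownRefs.has(dep)) problems.push(`${d.ref} depends on unknown ref ${dep}`);
    }
  }

  return { ok: problems.length === 0, componentCount: components.length, problems };
}

// Reads and checks an SBOM file from disk (fs loaded lazily so the module also works without it).
function checkSbomFile(path) {
  const fs = require('node:fs');
  return checkSbom(JSON.parse(fs.readFileSync(path, 'utf8')));
}

if (typeof require !== 'undefined' && require.main === module) {
  const report = process.argv[2] ? checkSbomFile(process.argv[2]) : checkSbom(SAMPLE_SBOM);
  console.log(JSON.stringify(report, null, 2));
  process.exitCode = report.ok ? 0 : 1;
}
```

Run it as `node check-sbom.js sbom.json` against a generated file; with no argument it checks the embedded sample and exits non-zero, since the sample deliberately has a component without a `purl`, one without licenses or hashes, and a dependency entry pointing at a `bom-ref` that does not exist. A wrong `specVersion` is reported the same way, which is the first thing to look for when a generator was run without `--spec-version=1.6`.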

## License

[MIT](./LICENSE)