
Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions

CycloneDX/cyclonedx-linux-generator


cyclonedx-linux-generator


This project provides a utility for generating a Software Bill of Materials (SBOM) file for Unix operating systems. It currently creates an SBOM for Alpine, Debian, CentOS, Red Hat and Ubuntu.

This utility also works with Docker containers that run Alpine(*), Debian, CentOS, Red Hat or Ubuntu.

(*) Note: For Alpine, bash and Java must be installed for the utility to run.

Prerequisites

  • OpenJDK 11
  • Apache Maven 3.6.3 or greater installed
  • (Recommended) Java IDE: Eclipse with the Subclipse 4.3.0 plug-in
  • Unix-based operating system

Usage:

To build this project into an artifact via Maven:

Maven Command

    mvn clean package

To Run

To run as a standalone Java application, see the "start.sh" shell script for an example. You can also use the provided "start.sh" script as a pass-through to the jar. It assumes all the basic settings.

Help is available.

    ./start.sh -h

The help output shows the options for running the SBomCombiner application.

    usage: help
    -g, --group <arg>     (Optional) Group value to assign to top level component.
    -h, --help            will print out the command line options.
    -i, --image <arg>     (Optional) Docker Image file to use as top level component.
    -n, --name <arg>      (Optional) Name value to assign to top level component.
    -nc, --no-components  (Optional) Will only campture master component.  Will not include any components in the list of Components.
    -v, --version <arg>   (Optional) Version value to assign to top level component.

Logging

Logs

The "start.sh" script creates a directory (logs) for the log files.

Output

bom.xml

The "start.sh" script creates a directory (output) for the bom.xml file.
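A post-generation check for the bom.xml, as an added example that is not part of this project's code: it reads back the top-level component that `-g`, `-n` and `-v` set, counts the listed components, and flags packages recorded without a version. It assumes the standard CycloneDX XML layout (top-level component under `metadata`, packages under `components`); the sample document and the name `summarize_bom` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real tool output. Assumed layout: metadata/component
# holds the top-level component, components/component holds each package.
SAMPLE_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1">
  <metadata>
    <component type="container">
      <group>example-group</group>
      <name>example-image</name>
      <version>1.0</version>
    </component>
  </metadata>
  <components>
    <component type="library"><name>bash</name><version>5.0</version></component>
    <component type="library"><name>openssl</name></component>
  </components>
</bom>"""


def local(tag):
    """Strip the XML namespace so the check is independent of the schema version."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def summarize_bom(xml_text):
    """Return top-level identity, component count and names of unversioned components."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "bom":
        raise ValueError("not a CycloneDX BOM document")
    sections = {local(c.tag): c for c in root}
    top = {}
    meta = sections.get("metadata")
    if meta is not None:
        for c in meta:
            if local(c.tag) == "component":
                top = {k: child_text(c, k) for k in ("group", "name", "version")}
    comps = [c for c in sections.get("components", []) if local(c.tag) == "component"]
    unversioned = [child_text(c, "name") for c in comps if not child_text(c, "version")]
    return {"top": top, "count": len(comps), "unversioned": unversioned}
```

Pass it the contents of output/bom.xml after a run; a component count of 0 is expected only when `-nc` was used.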

Copyright & License

CycloneDX Linux Generator is Copyright (c) Lockheed Martin Corporation. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the License file for the full license.