The CycloneDX module for Node.js creates a valid CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies. CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.
Requires Node.js v12.0.0 or higher.

Install the module globally:

```shell
npm install -g @cyclonedx/bom
```
```text
$ cyclonedx-node -h
Usage: cyclonedx-node [options] [path]

Creates CycloneDX Software Bill of Materials (SBOM) from Node.js projects

Arguments:
  path                        Path to analyze

Options:
  -v, --version               output the version number
  -d, --include-dev           Include devDependencies (default: false)
  -l, --include-license-text  Include full license text (default: false)
  -o, --output <output>       Write BOM to file (default: "bom.xml")
  -t, --type <type>           Project type (default: "library")
  -ns, --no-serial-number     Do not include BOM serial number
  -h, --help                  display help for command

Environment variable BOM_REPRODUCIBLE causes bom result to be more consistent
over multiple runs by omitting time/rand-based values, and sorting lists.
```
Typical invocations:

```shell
cyclonedx-node
cyclonedx-node --output bom.xml
cyclonedx-node --output bom.json
```
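Because the BOM serial number and timestamp change on every run, diffing two generated BOMs (for example in CI, to detect dependency drift) needs the same normalization that `BOM_REPRODUCIBLE` applies: drop the per-run values and sort the component list. The following is an added example, not code from the @cyclonedx/bom project; it assumes the CycloneDX 1.3 JSON layout (`serialNumber`, `metadata.timestamp`, `components` with `purl`) and uses constructed sample BOMs rather than real tool output.

```javascript
// Added example, not part of @cyclonedx/bom: compare two CycloneDX JSON BOMs
// the way BOM_REPRODUCIBLE makes them comparable, by dropping the per-run
// serialNumber and metadata.timestamp and sorting components before diffing.

function normalizeBom(bom) {
  const copy = JSON.parse(JSON.stringify(bom)); // do not mutate the input
  delete copy.serialNumber;                     // urn:uuid:... changes per run
  if (copy.metadata) delete copy.metadata.timestamp; // changes per run
  const key = (c) => c.purl || `${c.name}@${c.version}`;
  if (Array.isArray(copy.components)) {
    copy.components.sort((a, b) => key(a).localeCompare(key(b)));
  }
  return copy;
}

// Canonical JSON: sort object keys so key order cannot cause a false diff.
function canonicalize(value) {
  if (Array.isArray(value)) return value.map(canonicalize);
  if (value && typeof value === 'object') {
    const out = {};
    for (const k of Object.keys(value).sort()) out[k] = canonicalize(value[k]);
    return out;
  }
  return value;
}

function bomsEquivalent(a, b) {
  return JSON.stringify(canonicalize(normalizeBom(a))) ===
         JSON.stringify(canonicalize(normalizeBom(b)));
}

// Constructed sample BOMs (schema 1.3 shape), not real tool output.
const lib = (name, version) =>
  ({ type: 'library', name, version, purl: `pkg:npm/${name}@${version}` });
const sampleBom = (serial, timestamp, components) => ({
  bomFormat: 'CycloneDX', specVersion: '1.3', version: 1,
  serialNumber: serial, metadata: { timestamp }, components,
});
// Two runs over the same lockfile: only serial, timestamp and order differ.
const run1 = sampleBom('urn:uuid:11111111-1111-4111-8111-111111111111',
  '2021-01-01T00:00:00.000Z', [lib('lodash', '4.17.21'), lib('express', '4.17.1')]);
const run2 = sampleBom('urn:uuid:22222222-2222-4222-8222-222222222222',
  '2021-01-02T00:00:00.000Z', [lib('express', '4.17.1'), lib('lodash', '4.17.21')]);
// A run after a dependency bump: a real change, must not be reported equal.
const run3 = sampleBom('urn:uuid:33333333-3333-4333-8333-333333333333',
  '2021-01-03T00:00:00.000Z', [lib('express', '4.17.1'), lib('lodash', '4.17.20')]);
console.log(bomsEquivalent(run1, run2)); // true
console.log(bomsEquivalent(run1, run3)); // false
```

With `BOM_REPRODUCIBLE` set (or `--no-serial-number`) the tool itself emits stable output, so a plain file hash comparison is enough; the normalization above covers BOMs generated without it.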
Alternatively, run the cyclonedx/cyclonedx-node Docker image inside your project folder, for example:

```shell
docker run --rm \
  --volume "$PWD":/src \
  cyclonedx/cyclonedx-node --output bom.xml
```

All options explained above are supported.
The following table lists each version of this node module, the CycloneDX schema version it supports, and the output formats it can produce. Use the latest version of this node module that is compatible with the CycloneDX version supported by the target system, or use the CycloneDX CLI Tool to convert to older specification versions as required.
| Version | Schema Version | Format(s) |
|---|---|---|
| 3.*.* | CycloneDX v1.3 | XML/JSON |
| 2.*.* | CycloneDX v1.2 | XML/JSON |
| 1.1.* | CycloneDX v1.1 | XML |
| 1.0.* | CycloneDX v1.0 | XML |
Feel free to open issues, bug reports or pull requests.
See the CONTRIBUTING file for details.
CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.