FedSearch
OWASP CycloneDX · @CycloneDX
85 followers · 9 posts · Server infosec.exchange

We are happy to announce that AppThreat , a polyglot CycloneDX generation tool created by Prabhu Subramanian, is now officially an CycloneDX project. Mr. Subramanian continues to lead this project with the backing of the wider OWASP community.

cdxgen aims to simplify the SBOM generation workflow for various languages, package managers, containers, and even operating systems with a single command, often requiring no additional arguments.

The tool is available under an license as an npm package (@CycloneDX/cdxgen) and a container image (docker pull ghcr.io/cyclonedx/cdxgen) for effortless integration into CI/CD environments and other application security tools.

Welcome aboard Prabhu. We’re honored to have you as one of our outstanding maintainers.

github.com/CycloneDX/cdxgen

You can find cdxgen and over 180 other tools that support CycloneDX, at cyclonedx.org/tool-center/

#cdxgen #SBOM #owasp #opensource

Last updated 2 years ago
Original post

prabhu · @prabhu
13 followers · 45 posts · Server infosec.exchange

@karabaic @suchakra How about using to submit your list of OS software in @CycloneDX instead of running an agent?

#cdxgen

Last updated 3 years ago
Original post

prabhu · @prabhu
13 followers · 45 posts · Server infosec.exchange
GitHub - cdxgen/queries.json at master · AppThreat/cdxgen

@suchakra Those queries aren't even comprehensive. has a much better list for SBoM generation github.com/AppThreat/cdxgen/bl

#cdxgen

Last updated 3 years ago
Original post

prabhu · @prabhu
12 followers · 39 posts · Server infosec.exchange

Should support automatic submission to @github via the dependency submission API? It's a bit of work since they've reinvented another SBoM spec instead of reusing CycloneDX or SPDX, but happy to spend time if there is interest. docs.github.com/en/code-securi

#cdxgen #SBOM

Last updated 3 years ago
Original post

prabhu · @prabhu
7 followers · 7 posts · Server infosec.exchange
GitHub - GitHub - AppThreat/cdxgen: Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.

github.com/AppThreat/cdxgen#pl
npm install -g @appthreat/cdxgen
npm install -g @ngcloudsec/cdxgen-plugins-bin
cdxgen -t os

#SBOM #cdxgen

Last updated 3 years ago
Original post

prabhu · @prabhu
7 followers · 7 posts · Server infosec.exchange

Have you ever wondered if there was a tool that could generate a
@CycloneDX_Spec
for a live system or a VM for compliance or auditing? 5.1.0 is now available with os scan support.

#SBOM #cdxgen

Last updated 3 years ago
Original post

prabhu · @prabhu
7 followers · 7 posts · Server infosec.exchange
GitHub - GitHub - AppThreat/cdxgen: Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.

Early Black Friday deal: ( Generator) 5.0.1 is out now with support for:
✅ docker/OCI images with OS packages (Powered by )
✅ Rust binary (Powered by Cargo Auditable)

github.com/AppThreat/cdxgen

#cdxgen #cyclonedx #SBOM #trivy

Last updated 3 years ago
Original post