cdx-bower-bom
v0.3.0
Published
Creates CycloneDX Software Bill-of-Materials (SBOM) from Bower packages
Downloads
125
Readme
CycloneDX Bower managed dependencies generator
The CycloneDX Bower generator is derived from the CycloneDX Node.js Module, which deserves all credit. Before this module was created, a question was asked the CycloneDX Node.js Module team whether they would be interested in adding Bower support in their module. This module is mostly an experiment to figure out how much I would need to add in order to add support in the official Node.js Module.
While the roadmap for this project is to create a read_installed
module for
bower packages and then incorporate this in the official Node.js Module, this
utility is useful in its current form to a number of projects.
The CycloneDX module for Bower creates a valid CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all bower project dependencies. CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.
Requirements
- Node.js v8.0.0 or higher
bower install
has been executed for the target repository
Usage
Installing
npm install -g cdx-bower-bom
Getting Help
$ cdx-bower-bom -h
Usage: cdx-bower-bom [OPTIONS] [path]
Options:
-h - this help
-a <path> - merge in additional modules from other scanner
-o <path> - write to file instead of stdout
-ns - do not generate bom serial number
--version - print version number
Example
cdx-bower-bom -o bom.xml
License
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.