Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions
This project provides a utility for generating a Software Bill of Materials (SBOM) file for Unix operating systems. It currently creates SBOMs for Alpine, Debian, CentOS, Red Hat and Ubuntu.
The utility also works with Docker containers that run Alpine(*), Debian, CentOS, Red Hat or Ubuntu.
Note: For Alpine you must have bash and java installed to run.
- OpenJDK 11
- Apache Maven 3.6.3 or greater installed
- (Recommended) Java IDE Eclipse with Subclipse 4.3.0 plug-in
- Unix-based operating system
mvn clean package
To run as a standalone Java application, see the "start.sh" shell script for an example. You can also use the provided "start.sh" script as a pass-through to the jar; it assumes all the basic settings.
./start.sh -h
    usage: help
     -g, --group <arg>      (Optional) Group value to assign to top level component.
     -h, --help             will print out the command line options.
     -i, --image <arg>      (Optional) Docker Image file to use as top level component.
     -n, --name <arg>       (Optional) Name value to assign to top level component.
     -nc, --no-components   (Optional) Will only campture master component. Will not include any components in the list of Components.
     -v, --version <arg>    (Optional) Version value to assign to top level component.
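To check what a run produced, the following added example (not part of this project) summarizes a CycloneDX XML file such as the bom.xml that "start.sh" writes: the top-level component set by -g, -n and -v, the component count (zero with -nc), and entries lacking a version or purl. It assumes the standard CycloneDX XML layout (a `metadata/component` element and a `components` list); the sample document and the name `summarize_bom` are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in CycloneDX XML layout; not real output of the utility.
SAMPLE_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1">
  <metadata><component type="container">
    <group>example-group</group><name>example-image</name><version>1.0</version>
  </component></metadata>
  <components>
    <component type="library"><name>busybox</name><version>1.31.1-r9</version>
      <purl>pkg:apk/alpine/busybox@1.31.1-r9</purl></component>
    <component type="library"><name>zlib</name></component>
  </components>
</bom>"""


def _local(tag):
    # Drop the "{namespace}" prefix so any CycloneDX schema version is accepted.
    return tag.rsplit("}", 1)[-1]


def _text(elem, name):
    # Text of the first direct child called `name`, or "" when it is absent.
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def summarize_bom(xml_data):
    """Return the top-level component, component count and incomplete entries."""
    summary = {"top": None, "count": 0, "incomplete": []}
    for section in ET.fromstring(xml_data):
        kids = [c for c in section if _local(c.tag) == "component"]
        if _local(section.tag) == "metadata" and kids:
            summary["top"] = tuple(_text(kids[0], f) for f in ("group", "name", "version"))
        elif _local(section.tag) == "components":
            summary["count"] = len(kids)
            # Entries without a version or purl are hard to match against advisories.
            summary["incomplete"] = [_text(c, "name") for c in kids
                                     if not (_text(c, "version") and _text(c, "purl"))]
    return summary


if __name__ == "__main__":
    # Pass the path of a generated bom.xml; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BOM
    print(summarize_bom(data))
```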
"start.sh" script will create a directory for the logs (logs).
"start.sh" will create a directory (output) for the bom.xml file.
CycloneDX Linux Generator is Copyright (c) Lockheed Martin Corporation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the License file for the full license.