This is a
playground to test code. It runs a full
Node.js environment and already has all of
npm’s 400,000 packages pre-installed, including
@appthreat/cdxgen with all
npm packages installed. Try it out:
This service is provided by RunKit and is not affiliated with npm, Inc or the package authors.
This script creates a valid CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies for node.js, python, java and Go projects. Optionally, it can submit the generated BOM to dependency track or AppThreat server for analysis. CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.
|java||maven (pom.xml), gradle (build.gradle)|
|python||requirements.txt, Pipfile.lock, poetry.lock|
npm install -g @appthreat/cdxgen
$ cdxgen -h Options: --version, -v Print version number [boolean] --output, -o Output file for bom.xml. Default console --type, -t Project type --server-url Dependency track or AppThreat server url. Eg: https://deptrack.appthreat.io --api-key Dependency track or AppThreat server api key --project-name Dependency track or AppThreat project name. Default use the directory name --project-version Dependency track or AppThreat project version. Default master [default: "master"] --project-id Dependency track or AppThreat project id. Either provide the id or the project name and version together -h Show help [boolean]
cdxgen -o bom.xml
Use the GitHub action to automatically generate and upload bom to the server. Refer to
nodejs.yml in this repo for a working example.
Use this custom builder and refer to the readme for instruction.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.