[![Build Status](https://github.com/CycloneDX/cyclonedx-node-module/workflows/Node%20CI/badge.svg)](https://github.com/CycloneDX/cyclonedx-node-module/actions?workflow=Node+CI)
[![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)][License]
[![Latest](https://img.shields.io/npm/v/@cyclonedx/bom)](https://www.npmjs.com/package/@cyclonedx/bom)
[![Website](https://img.shields.io/badge/https://-cyclonedx.org-blue.svg)](https://cyclonedx.org/)
[![Slack Invite](https://img.shields.io/badge/Slack-Join-blue?logo=slack&labelColor=393939)](https://cyclonedx.org/slack/invite)
[![Group Discussion](https://img.shields.io/badge/discussion-groups.io-blue.svg)](https://groups.io/g/CycloneDX)
[![Twitter](https://img.shields.io/twitter/url/http/shields.io.svg?style=social&label=Follow)](https://twitter.com/CycloneDX_Spec)

CycloneDX Node.js Module
=========

The CycloneDX module for Node.js creates a valid CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies. CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.

Requirements
-------------------
Node.js v8.0.0 or higher

Usage
-------------------

#### Installing

```bash
npm install -g @cyclonedx/bom
```

#### Getting Help
```bash
$ cyclonedx-bom -h
Usage: cyclonedx-bom [OPTIONS] [path]

Creates CycloneDX Software Bill-of-Materials (SBOM) from Node.js projects

Options:
  -v, --version               output the version number
  -a, --append <bom.xml>      Merge BOM(s) into the current BOM (default: [])
  -d, --include-dev           Include devDependencies (default: false)
  -l, --include-license-text  Include full license text (default: false)
  -o, --output <output>       Write BOM to file (default: "bom.xml")
  -s, --schema <version>      Target schema version (default: "1.2")
  -t, --type <type>           Project type (default: "library")
  -ns, --no-serial-number     Do not include BOM serial number
  -h, --help                  display help for command
```

#### Example (default: XML)
```bash
cyclonedx-bom
```

#### Example (XML)
```bash
cyclonedx-bom -o bom.xml
```

#### Example (JSON)
```bash
cyclonedx-bom -o bom.json
```

#### Example (Target Specification Version)
```bash
cyclonedx-bom -o bom.xml -s 1.1
```

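
A consumer-side check for the JSON output, as an added example that is not part of this project's code: before a pipeline accepts a `bom.json`, it confirms the schema version matches the `-s` target and that every component can be identified. The field names follow the CycloneDX 1.2 JSON format; `auditBom` is a hypothetical helper, the sample BOM is constructed, and the requirement that every component carries a `pkg:npm/` package URL is an assumption about what a consumer wants.

```javascript
// Added example, not project code. SAMPLE_BOM is constructed, not real tool output.
const SAMPLE_BOM = {
  bomFormat: 'CycloneDX',
  specVersion: '1.2',
  serialNumber: 'urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79',
  version: 1,
  components: [
    { type: 'library', name: 'left-pad', version: '1.3.0',
      purl: 'pkg:npm/left-pad@1.3.0', licenses: [{ license: { id: 'WTFPL' } }] },
    // Constructed entry with no license data.
    { type: 'library', group: '@example', name: 'internal-lib', version: '0.4.2',
      purl: 'pkg:npm/%40example/internal-lib@0.4.2' },
    // Constructed entry with no package URL and no license data.
    { type: 'library', name: 'mystery', version: '2.0.0' }
  ]
};

const URN_UUID = /^urn:uuid:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// auditBom is a hypothetical helper name. expectedSpec should equal the value
// given to -s (the help text lists "1.2" as the default). Pass
// requireSerial = false for BOMs generated with -ns / --no-serial-number.
function auditBom(bom, expectedSpec = '1.2', requireSerial = true) {
  const errors = [];   // reasons to reject the BOM
  const warnings = []; // gaps worth tracking, not fatal
  if (bom.bomFormat !== 'CycloneDX') errors.push('bomFormat is not CycloneDX');
  if (bom.specVersion !== expectedSpec) {
    errors.push(`specVersion ${bom.specVersion} != expected ${expectedSpec}`);
  }
  if (requireSerial && !URN_UUID.test(bom.serialNumber || '')) {
    errors.push('serialNumber missing or not a urn:uuid');
  }
  const components = Array.isArray(bom.components) ? bom.components : [];
  for (const c of components) {
    const id = `${c.group ? c.group + '/' : ''}${c.name}@${c.version}`;
    if (!c.name || !c.version) errors.push(`component without name/version: ${id}`);
    // Without a package URL the component cannot be matched against advisories.
    if (typeof c.purl !== 'string' || !c.purl.startsWith('pkg:npm/')) {
      errors.push(`no npm package URL for ${id}`);
    }
    if (!Array.isArray(c.licenses) || c.licenses.length === 0) {
      warnings.push(`no license recorded for ${id}`);
    }
  }
  return { ok: errors.length === 0, count: components.length, errors, warnings };
}

console.log(auditBom(SAMPLE_BOM));
```

In a pipeline, pass it `JSON.parse(fs.readFileSync('bom.json', 'utf8'))` and fail the build when `ok` is false.
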
## CycloneDX Schema Support

The following table provides information on the version of this node module, the CycloneDX schema version supported,
as well as the output format options. Use the latest possible version of this node module that is compatible with
the CycloneDX version supported by the target system.

| Version | Schema Version    | Format(s) |
| ------- | ----------------- | --------- |
| 2.0.x   | CycloneDX v1.2    | XML/JSON  |
| 1.1.x   | CycloneDX v1.1    | XML       |
| 1.0.x   | CycloneDX v1.0    | XML       |

License
-------------------

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE] file for the full license.

[License]: https://github.com/CycloneDX/cyclonedx-node-module/blob/master/LICENSE