CycloneDX/cyclonedx-node-module

Stars
108
Rank 321,259 (Top 7 %)
Language
License
Apache License 2.0
Created over 7 years ago
Updated over 1 year ago

CycloneDX/cyclonedx-node-module

CycloneDX

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

creates CycloneDX Software Bill of Materials (SBOM) from node-based projects

CycloneDX BOM

This is a so-called meta-package, it does not ship any own functionality, but it is a collection of optional dependencies. This package's dependencies are tools with one purpose in common:
generate CycloneDX Software Bill-of-Materials (SBOM) from node-based projects.

ecosystem	actual tool
npm	@cyclonedx/cyclonedx-npm
yarn	to be announced
pnpm	to be announced

You should not depend on this very meta-package, instead depend on the actual tool that fits your specific ecosystem.

Out of Scope

There are ecosystems, that are not node-based, but use node as a runtime/compiler environment.
These ecosystems are out of scope. Therefore, the following packages are not part of this very meta-package.

ecosystem	actual tool
webpack	@cyclonedx/webpack-plugin
Angular	@cyclonedx/webpack-plugin
React	@cyclonedx/webpack-plugin
Parcel	to be announced

Library

If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, then you might want to try @cyclonedx/cyclonedx-library.

Contributing

You want to have a certain node-based tool added?
Feel free to open issues, bugreports or pull requests.
See the CONTRIBUTING file for details.

Copyright & License

CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.

Previous versions

This project used to be a tool-set and a library to work and generate CycloneDX Software Bill-of-Materials (SBOM) from npm and yarn based projects.
Since version 4.0, this was all split to individual projects, and this project changed to a bare meta-package.

Previous versions of this very package are still available via npmjs versions and github releases

cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Discord: https://discord.gg/DP657ACYEZ

specification

CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, OBOM, VDR, and VEX

cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

cyclonedx-python

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

cyclonedx-maven-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

cyclonedx-dotnet

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

bom-examples

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

cyclonedx-gradle-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

cyclonedx-rust-cargo

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

cyclonedx-gomod

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

cyclonedx-core-java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

cyclonedx-node-npm

Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.

cyclonedx-bom-repo-server

A BOM repository server for distributing CycloneDX BOMs

cyclonedx-python-lib

Python implementation of OWASP CycloneDX

cyclonedx-php-composer

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

transparency-exchange-api

A standard API specification for exchanging supply chain artifacts and intelligence

cyclonedx-go

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)

cyclonedx-linux-generator

Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions

sbom-utility

Utility that provides an API platform for validating, querying and managing BOM data

cyclonedx-conan

Creates CycloneDX Software Bill of Materials (SBOM) documents for C/C++ projects using Conan

license-scanner

Utility that provides an API and CLI to identify licenses and legal terms

gh-node-module-generatebom

GitHub action to generate a CycloneDX SBOM for Node.js

cyclonedx-webpack-plugin

Create CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.

cyclonedx-node-yarn

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

cyclonedx-ruby-gem

Creates CycloneDX Software Bill of Materials (SBOM) from Ruby projects

cyclonedx-javascript-library

Core functionality of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.

cyclonedx-web-tool

A web based tool for working with CycloneDX BOMs

cyclonedx-dotnet-library

.NET library to consume and produce CycloneDX Software Bill of Materials (SBOM)

cyclonedx-cocoapods

Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.

sbom-comparator

Lockheed Martin developed utility to compare two CycloneDX SBOMs

gh-python-generate-sbom

GitHub action to generate a CycloneDX SBOM for Python

cyclonedx-node-pnpm

Create CycloneDX Software Bill of Materials (SBOM) from Node.js PNPM projects.

cdxgen-action

GitHub action for CycloneDX BOM generator (cdxgen). cdxgen produced bom xml file can be uploaded to dependency track, AppThreat and other commercial Software Composition Analysis (SCA) products

gh-gomod-generate-sbom

GitHub action to generate a CycloneDX SBOM for Go modules

gh-dotnet-generate-sbom

GitHub action to generate a CycloneDX SBOM for .NET

cyclonedx-property-taxonomy

A taxonomy of all official property namespaces and names

sbom-combiner

Lockheed Martin developed utility to combine multiple CycloneDX SBOMs

cyclonedx-authoring-tool

An experimental user interface for manually creating, editing, and viewing CycloneDX SBOMs

cyclonedx-php-library

PHP Implementation of CycloneDX Bill of Materials (BOM)

cyclonedx.org

guides

cyclonedx-nuget

Creates CycloneDX Software Bill-of-Materials (SBoM) from NuGet projects

cyclonedx-buildroot

Create CycloneDX Software Bill of Materials (SBOM) for Buildroot projects

cdxgen-plugins-bin

Binary plugins for @cyclonedx/cdxgen npm package

sbom-commons

Lockheed Martin developed common SBOM library

homebrew-cyclonedx

CycloneDX Homebrew Tap

cyclonedx-conda

conda plugin to generate CycloneDX SBOM

cyclonedx-otm-java

EXPERIMENTAL CycloneDX library and utility to convert BOMs into Open Threat Model (OTM) format

gh-php-composer-generate-sbom

GitHub action to generate a CycloneDX SBOM for PHP Composer

sbom-commons-combiner

Lockheed Martin developed common library to combine multiple SBOMs

gh-cocoapods-generate-sbom

GitHub action to generate a CycloneDX SBOM for Swift and Objective-C projects that use CocoaPods.

cyclonedx-esbuild-plugin

Create CycloneDX Software Bill of Materials (SBOM) from esbuild bundles at compile time.