rebar3_sbom
===========

Generates a Software Bill-of-Materials (SBoM) in CycloneDX format

Use
---

Add rebar3_sbom to your rebar config, either in a project or globally in
~/.config/rebar3/rebar.config:

    {plugins, [rebar3_sbom]}.

Then run the 'sbom' task on a project:

    $ rebar3 sbom
    ===> Verifying dependencies...
    ===> CycloneDX SBoM written to bom.xml

The following command line options are supported:

    -o, --output  the full path to the SBoM output file [default: bom.xml]
    -f, --force   overwrite existing files without prompting for confirmation
                  [default: false]

By default only dependencies in the 'default' profile are included. To
generate an SBoM covering development environments, specify the relevant
profiles using 'as':

    $ rebar3 as default,test,docs sbom -o dev_bom.xml
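
To see what the extra profiles add, the two output files can be compared. The Python below is an added example, not part of rebar3_sbom: it lists the components that appear only in the development SBoM. The sample documents, package names, namespace version and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents (not real plugin output). The CycloneDX
# namespace version is an assumption, so the parsing below ignores it.
DEFAULT_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1">
  <components>
    <component type="library">
      <name>cowlib</name><version>2.8.0</version>
      <purl>pkg:hex/cowlib@2.8.0</purl>
    </component>
  </components>
</bom>"""

# Same document plus one constructed test-only dependency.
DEV_BOM = DEFAULT_BOM.replace("</components>", """<component type="library">
      <name>meck</name><version>0.8.13</version>
      <purl>pkg:hex/meck@0.8.13</purl>
    </component>
  </components>""")


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def components(bom_xml):
    """Return {(name, version): purl} for every <component> in the BOM."""
    found = {}
    for elem in ET.fromstring(bom_xml).iter():
        if local(elem.tag) != "component":
            continue
        fields = {local(child.tag): (child.text or "").strip() for child in elem}
        found[(fields.get("name"), fields.get("version"))] = fields.get("purl")
    return found


def dev_only(default_xml, dev_xml):
    """Components present only when extra profiles are included."""
    base, dev = components(default_xml), components(dev_xml)
    return sorted(key for key in dev if key not in base)


if __name__ == "__main__":
    # With real files, pass open("bom.xml").read() and open("dev_bom.xml").read().
    for name, version in dev_only(DEFAULT_BOM, DEV_BOM):
        print(f"dev-only: {name} {version}")
```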