CycloneDX SBOM generation using vet
vet supports CycloneDX v1.6 SBOM generation. The generated SBOM provides a comprehensive inventory of all packages and their dependencies in the project. It includes security metadata such as detected vulnerabilities, malware, and license information for dependencies.
Usage
Run a vet scan with the CycloneDX report enabled. You may provide a custom application name, which is used as the root component of the SBOM:
vet scan --report-cdx path/to/report.cdx.json \
--report-cdx-app-name myproject # Optional
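
An added example, not part of vet or its documentation: a Python check that reads the report written by the command above and exits non-zero when a component carries a vulnerability at or above a chosen severity. It assumes only the standard CycloneDX 1.6 JSON fields (components, vulnerabilities, ratings, affects); the names summarize, rank and fail_at and the sample BOM are constructed for illustration.

```python
import json
import sys
from pathlib import Path

SEVERITIES = ["unknown", "none", "info", "low", "medium", "high", "critical"]  # low to high
# Constructed sample BOM (not real vet output); packages and IDs are placeholders.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "components": [
        {"bom-ref": "pkg:npm/example-a@1.0.0", "name": "example-a", "version": "1.0.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "pkg:npm/example-b@2.3.1", "name": "example-b", "version": "2.3.1"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-0001", "affects": [{"ref": "pkg:npm/example-b@2.3.1"}],
         "ratings": [{"severity": "medium"}, {"severity": "critical"}]},
        {"id": "EXAMPLE-VULN-0002", "affects": [{"ref": "pkg:npm/example-a@1.0.0"}],
         "ratings": [{"severity": "low"}]},
    ],
}

def rank(sev):
    return SEVERITIES.index(sev.lower()) if (sev or "").lower() in SEVERITIES else 0

def summarize(bom, fail_at="high"):  # hypothetical helper, not a vet API
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    by_ref = {c.get("bom-ref"): c for c in bom.get("components", [])}
    findings = []
    for vuln in bom.get("vulnerabilities", []):
        # A vulnerability may carry several ratings; gate on the worst one.
        sev = max((r.get("severity") or "unknown" for r in vuln.get("ratings", [])),
                  key=rank, default="unknown")
        for target in vuln.get("affects", []):
            comp = by_ref.get(target.get("ref"))
            label = f"{comp['name']}@{comp.get('version', '?')}" if comp else target.get("ref")
            findings.append((label, vuln.get("id"), sev))
    return {
        "findings": findings,
        "blocked": [f for f in findings if rank(f[2]) >= rank(fail_at)],
        "unlicensed": sorted(c.get("name", "?") for c in by_ref.values() if not c.get("licenses")),
    }

if __name__ == "__main__":
    bom = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_BOM
    result = summarize(bom)
    for label, vuln_id, sev in result["findings"]:
        print(f"{sev:8} {vuln_id} {label}")
    print("no license recorded:", ", ".join(result["unlicensed"]) or "none")
    sys.exit(1 if result["blocked"] else 0)
```

Pass the path given to --report-cdx as the first argument; with no argument the script runs against the constructed sample.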