
CycloneDX SBOM generation using vet

vet supports CycloneDX v1.6 SBOM generation. The generated SBOM provides a comprehensive inventory of all packages and their dependencies in the project. It includes security metadata such as detected vulnerabilities, malware, and license information for dependencies.

Usage

Run vet scan with the CycloneDX (cdx) report enabled. You may optionally provide a custom application name, which is used as the root component of the SBOM.

vet scan --report-cdx path/to/report.cdx.json \
--report-cdx-app-name myproject # Optional
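
An added example (not part of the vet documentation or vet's own code): a Python check that reads a report like the one written by --report-cdx and lists vulnerabilities at or above a severity threshold, plus components carrying no license data. It assumes the standard CycloneDX 1.6 JSON fields (components, vulnerabilities, ratings, affects) in a flat component list; the embedded sample is constructed, not real vet output, and review_bom and max_severity are hypothetical names.

```python
import json

SEVERITY_ORDER = ["none", "info", "low", "medium", "high", "critical"]

# Constructed sample shaped like a CycloneDX 1.6 JSON BOM (not real vet output).
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.6",
  "metadata": {"component": {"type": "application", "name": "myproject"}},
  "components": [
    {"bom-ref": "pkg:npm/example-lib@1.0.0", "name": "example-lib", "version": "1.0.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "pkg:npm/example-util@2.3.1", "name": "example-util", "version": "2.3.1"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}],
     "affects": [{"ref": "pkg:npm/example-lib@1.0.0"}]},
    {"id": "EXAMPLE-0002", "ratings": [{"severity": "low"}],
     "affects": [{"ref": "pkg:npm/example-util@2.3.1"}]}
  ]
}
""")

def max_severity(vuln):
    """Highest severity across a vulnerability's ratings; 'unknown' if none is usable."""
    sevs = [r.get("severity") for r in vuln.get("ratings", []) if r.get("severity") in SEVERITY_ORDER]
    return max(sevs, key=SEVERITY_ORDER.index) if sevs else "unknown"

def review_bom(bom, fail_at="high"):
    """Return (findings, unlicensed): vulns at/above fail_at, and components with no license data."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    by_ref = {c.get("bom-ref"): c for c in bom.get("components", [])}
    threshold = SEVERITY_ORDER.index(fail_at)
    findings = []
    for v in bom.get("vulnerabilities", []):
        sev = max_severity(v)
        # Unrated vulnerabilities are reported too, so a missing rating cannot hide a finding.
        if sev == "unknown" or SEVERITY_ORDER.index(sev) >= threshold:
            for a in v.get("affects", []):
                comp = by_ref.get(a.get("ref"), {})
                findings.append((v.get("id"), sev, comp.get("name", a.get("ref")), comp.get("version")))
    unlicensed = sorted(c.get("name", "?") for c in bom.get("components", []) if not c.get("licenses"))
    return findings, unlicensed

if __name__ == "__main__":
    findings, unlicensed = review_bom(SAMPLE_BOM)
    print("findings:", findings, "| no license data:", unlicensed)
    raise SystemExit(1 if findings else 0)
```

To run it against a real report, replace SAMPLE_BOM with json.load() on path/to/report.cdx.json; the non-zero exit status lets a CI job fail when findings are present.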

Sample SBOMs

Reference