CycloneDX 0.9.0
A .NET Core global tool to generate CycloneDX bill-of-material documents for use with Software Composition Analysis (SCA).
dotnet tool install --global CycloneDX --version 0.9.0
CycloneDX module for .NET
The CycloneDX module for .NET creates a valid CycloneDX bill-of-material document containing an aggregate of all project dependencies. CycloneDX is a lightweight BOM specification that is easily created, human readable, and simple to parse.
Usage
Installing
dotnet tool install --global CycloneDX
If you already have a previous version of CycloneDX installed, you can upgrade to the latest version using the following command:
dotnet tool update --global CycloneDX
Options
Usage: CycloneDX [path] -o [outputDirectory]
Arguments:
Path The path to a .sln, .csproj, .vbproj, or packages.config file or the path to a directory which will be recursively analyzed for packages.config files.
Options:
-o|--out <DIR> The directorty to write the BOM
-u|--url <URL> Alternative NuGet repository URL to v3-flatcontainer API (a trailing slash is required).
-r|--recursive To be used with a single project file, it will recursively scan project references of the supplied .csproj.
-ns|--noSerialNumber Do not generate bom serial number
-?|-h|--help Show help information
Examples
To run the CycloneDX tool you need to specify a solution or project file. In case you pass a solution, the tool will aggregate all the projects.
The following will create a BOM from a solution and all projects defined within:
dotnet CycloneDX YourSolution.sln -o /output/path
The following will recursively scan the directory structure for packages.config and create a BOM:
dotnet CycloneDX /path/to/project -o /output/path
The following will recursively scan the project references of the supplied .csproj file, and create a BOM of all package references from all included projects:
dotnet CycloneDX /path/to/project/MyProject.csproj -o /output/path -r
CycloneDX module for .NET
The CycloneDX module for .NET creates a valid CycloneDX bill-of-material document containing an aggregate of all project dependencies. CycloneDX is a lightweight BOM specification that is easily created, human readable, and simple to parse.
Usage
Installing
dotnet tool install --global CycloneDX
If you already have a previous version of CycloneDX installed, you can upgrade to the latest version using the following command:
dotnet tool update --global CycloneDX
Options
Usage: CycloneDX [path] -o [outputDirectory]
Arguments:
Path The path to a .sln, .csproj, .vbproj, or packages.config file or the path to a directory which will be recursively analyzed for packages.config files.
Options:
-o|--out <DIR> The directorty to write the BOM
-u|--url <URL> Alternative NuGet repository URL to v3-flatcontainer API (a trailing slash is required).
-r|--recursive To be used with a single project file, it will recursively scan project references of the supplied .csproj.
-ns|--noSerialNumber Do not generate bom serial number
-?|-h|--help Show help information
Examples
To run the CycloneDX tool you need to specify a solution or project file. In case you pass a solution, the tool will aggregate all the projects.
The following will create a BOM from a solution and all projects defined within:
dotnet CycloneDX YourSolution.sln -o /output/path
The following will recursively scan the directory structure for packages.config and create a BOM:
dotnet CycloneDX /path/to/project -o /output/path
The following will recursively scan the project references of the supplied .csproj file, and create a BOM of all package references from all included projects:
dotnet CycloneDX /path/to/project/MyProject.csproj -o /output/path -r
Release Notes
See https://github.com/CycloneDX/cyclonedx-dotnet/blob/master/CHANGELOG.md#090 for release notes.
Dependencies
This package has no dependencies.