The CycloneDX module for Node.js creates a valid CycloneDX Software Bill-of-Materials (SBoM) containing an aggregate of all project dependencies. CycloneDX is a lightweight SBoM specification that is easy to create, human and machine readable, and simple to parse. The resulting bom.xml can be used with tools such as OWASP Dependency-Track for the continuous analysis of components.
```shell
npm install -g @cyclonedx/bom
```
```
$ cyclonedx-bom -h
Usage: cyclonedx-bom [OPTIONS] [path]
Options:
  -h        - this help
  -a <path> - merge in additional modules from other scanner
  -o <path> - write to file instead of stdout
  -v10      - generate CycloneDX v1.0
  -v11      - generate CycloneDX v1.1 (default)
  -ns       - do not generate bom serial number (schema v1.1 or higher)
  -d        - include devDependencies
  --version - print version number
```
```shell
cyclonedx-bom -o bom.xml
```
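Once the bom.xml exists, the next step in a pipeline is usually to consume it: check which schema version it targets (`-v10` / `-v11`), whether it carries a serial number (dropped by `-ns`), and which components lack a package URL and therefore cannot be matched against vulnerability data. The following Python script is an added example, not part of the CycloneDX Node.js module; it parses a constructed bom.xml in the CycloneDX 1.1 XML shape and reports those properties. The sample document, its component names and its serial number are made up for illustration.

```python
"""Consume a CycloneDX 1.0/1.1 XML BOM (the format cyclonedx-bom writes)
and summarise it for downstream checks. Example code; the sample BOM
below is constructed, not real tool output."""
import xml.etree.ElementTree as ET
from collections import Counter

# XML namespaces of the two schema versions the module can emit.
CDX_NS = {
    "1.0": "http://cyclonedx.org/schema/bom/1.0",
    "1.1": "http://cyclonedx.org/schema/bom/1.1",
}

# Constructed sample in the shape of a v1.1 bom.xml (names/UUID are invented).
SAMPLE_BOM = """<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1"
     serialNumber="urn:uuid:00000000-0000-4000-8000-000000000001">
  <components>
    <component type="library">
      <name>example-lib</name>
      <version>1.2.3</version>
      <purl>pkg:npm/example-lib@1.2.3</purl>
      <licenses><license><id>MIT</id></license></licenses>
    </component>
    <component type="library">
      <group>@example</group>
      <name>scoped-pkg</name>
      <version>0.9.0</version>
      <purl>pkg:npm/%40example/scoped-pkg@0.9.0</purl>
    </component>
    <component type="library">
      <name>no-purl-pkg</name>
      <version>2.0.0</version>
    </component>
  </components>
</bom>
"""


def detect_schema_version(root):
    """Return '1.0' or '1.1' based on the root element's namespace, else None."""
    for ver, ns in CDX_NS.items():
        if root.tag == "{%s}bom" % ns:
            return ver
    return None


def parse_bom(xml_text):
    """Parse a CycloneDX XML document into a plain dict."""
    root = ET.fromstring(xml_text)
    ver = detect_schema_version(root)
    if ver is None:
        raise ValueError("not a CycloneDX 1.0/1.1 bom element: %s" % root.tag)
    ns = {"c": CDX_NS[ver]}

    def text_of(elem, tag):
        child = elem.find("c:" + tag, ns)
        return child.text if child is not None else None

    components = []
    for comp in root.findall("./c:components/c:component", ns):
        components.append({
            "type": comp.get("type"),
            "group": text_of(comp, "group"),
            "name": text_of(comp, "name"),
            "version": text_of(comp, "version"),
            "purl": text_of(comp, "purl"),
            "licenses": [lic.text for lic in
                         comp.findall("./c:licenses/c:license/c:id", ns)],
        })
    return {
        "schema_version": ver,
        # serialNumber is absent when the BOM was generated with -ns.
        "serial_number": root.get("serialNumber"),
        "bom_version": root.get("version"),
        "components": components,
    }


def missing_purl(bom):
    """Names of components that carry no package URL (unmatchable by purl)."""
    return [c["name"] for c in bom["components"] if not c["purl"]]


def summarise(bom):
    """Counts used by a gate: components per type and per license id."""
    return {
        "by_type": dict(Counter(c["type"] for c in bom["components"])),
        "by_license": dict(Counter(l for c in bom["components"]
                                   for l in c["licenses"])),
        "has_serial": bom["serial_number"] is not None,
    }


if __name__ == "__main__":
    bom = parse_bom(SAMPLE_BOM)
    print("schema", bom["schema_version"], "serial", bom["serial_number"])
    print("components without purl:", missing_purl(bom))
    print(summarise(bom))
```

Run it against a real file by replacing `SAMPLE_BOM` with `open("bom.xml").read()`; a non-empty `missing_purl` result is the usual sign that a dependency was picked up without enough metadata to be matched in Dependency-Track.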
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.