Tool for creating, modifying and validating CycloneDX SBOMs.

Project description

CycloneDX Editor/Validator

This command-line tool performs various actions on CycloneDX SBOMs. It allows you to modify, merge and validate your Software Bill of Materials (SBOM).

The tool is built with automation in mind, i.e. usage within CI/CD. We try to be as scriptable as possible with various command-line flags, avoiding interactive prompts, providing multiple output options and fine-grained exit codes.

Command overview

| Command | Description |
|---|---|
| amend | Accepts a single input file and applies one or more operations to it. Each operation modifies certain aspects of the SBOM. These modifications cannot be targeted at individual components in the SBOM, which sets the amend command apart from set. Its use case is ensuring that an SBOM fulfils certain requirements in an automated fashion. |
| build-public | Creates a redacted version of an SBOM fit for publication. |
| init-sbom | Provides a first draft of an SBOM for manual completion. |
| list | Lists the content of the SBOM. |
| merge | Merges two or more CycloneDX documents into one. |
| merge-vex | [Deprecated] Merges the VEX information in two or more CycloneDX documents into one. |
| set | Sets properties on specified components to specified values. If a component in an SBOM is missing a particular property, or the property is present but has a wrong value, this command can be used to modify just the affected properties without changing the rest of the SBOM. |
| validate | Validates the SBOM against a built-in or user-provided JSON schema. |

Installation and usage

This tool is published on PyPI.

For detailed installation and usage guides, please refer to our official documentation.

Contributing

See our contribution guidelines.

License

This software is made available under the GNU General Public License v3 (GPL-3.0-or-later).

Download files

Source Distribution

cyclonedx_editor_validator-0.20.0.tar.gz (277.4 kB)

Uploaded Source

Built Distribution

cyclonedx_editor_validator-0.20.0-py3-none-any.whl (299.8 kB)

Uploaded Python 3

File details

Details for the file cyclonedx_editor_validator-0.20.0.tar.gz.

File metadata

  • Download URL: cyclonedx_editor_validator-0.20.0.tar.gz
  • Upload date:
  • Size: 277.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.10.12 Linux/6.5.0-1025-azure

File hashes

Hashes for cyclonedx_editor_validator-0.20.0.tar.gz
Algorithm Hash digest
SHA256 ea312c610267847990ea33d4cc6ca81f93d1b7b6c55520b08168c6811584b507
MD5 cc1d9b7b1e177e5388c3030fda98a825
BLAKE2b-256 21bed8c894b41a67d9eec0caff7232f4c3f7975af6736d3501037b2c94ee1617

File details

Details for the file cyclonedx_editor_validator-0.20.0-py3-none-any.whl.

File hashes

Hashes for cyclonedx_editor_validator-0.20.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ecfc5c6f2d4b4c86b4cad6c22b95869288fa8e7e1f5a5f7299788ed8a34edcaa
MD5 b2ebf56946c466f336edc30a74ec08f5
BLAKE2b-256 6312a916b66faff896ffa08821bbabf6687fc0c75fc1f6e812d2281f7f587595
