Tool name: cdxgen #68
Description
homepage_url
https://github.com/CycloneDX/cdxgen
contact_email
code_view_url
https://github.com/CycloneDX/cdxgen
spdx_license_expression
Apache-2.0
description
cdxgen is a CLI tool, library, REPL, and server to create a valid and compliant CycloneDX Bill of Materials (BOM) containing an aggregate of all project dependencies in JSON format.
primary_languages
JavaScript
short_term_roadmap
Refer to the GitHub projects. cdxgen top issues
long_term_roadmap
Make cdxgen data more useful for large scale analysis.
proprietary_data
- Yes, the tool depends on proprietary data sources
commercial_features
- Yes, the tool has a commercial version with different/additional features
capabilities
- Identifiers - Use Package-URL (PURL) identifiers
- Identifiers - Use SPDX license expressions
- Scanning - Analyze package manifests and lockfiles
- Scanning - Analyze package files
- Scanning - Scan for copyright
- Scanning - Scan for license
- Scanning - Analyze source code
- Scanning - Analyze containers
- Scanning - Analyze installed system packages (linux distros)
- Scanning - Analyze installed application packages
- Scanning - Other analysis
- Packages - Inventory packages
- Packages - Inventory packages dependencies
- Packages - Resolve dependencies
- Packages - Navigate or display dependency graph
- Compliance - Generate CycloneDX SBOMs
- Compliance - Generate SPDX SBOMs
- Compliance - Validate CycloneDX SBOM
- Compliance - Validate SPDX SBOMs
- Compliance - Generate CycloneDX VEX
- Compliance - Generate CSAF VEX
- Compliance - Generate OpenVex
- Compliance - Generate other compliance documents
- Policies - Define and check license policies
- Policies - Define and check security policies
- Policies - Define and check other policies
- Data - Database of Package metadata
- Data - Database of Package dependency relationships
- Data - Database of License obligations
- Data - Database of Licenses
- Data - Database of Vulnerabilities
- License - Help triage license issues
- License - Generate license credit and attribution notices
- License - Generate source code redistribution lists
- Vulnerabilities - Detect vulnerable code in packages
- Vulnerabilities - Find known vulnerabilities for package
- Vulnerabilities - Determine reachable vulnerabilities
- Vulnerabilities - Help triage vulnerabilities
- Binaries - Analyze binaries
- Binaries - Analyze ELF binaries
- Binaries - Analyze Windows binaries
- Binaries - Analyze firmware binaries
- Binaries - Analyze Other binaries
- Matching - Match source code
- Matching - Match binary code
- Tracing - Trace code execution
- Tracing - Trace build
- Code Security - Analyze code statically (SAST/linting)
- Code Security - Analyze code dynamically (DAST)
- Download - Source package
- Download - Source repositories
- Download - Binary package
- Deployment - Deployable as containers (Docker/OCI/k8s/etc)
- Deployment - Deployable in CI/CD pipelines
- Deployment - Deployable as a library
- Run - Run as a command line tool
- Run - Run as a web application
- Run - Run as an API service
other_capabilities
Plot precise occurrences and callstack evidence with atom.