CycloneDX module for .NET
The CycloneDX module for .NET creates a valid CycloneDX bill-of-material document containing an aggregate of all project dependencies. CycloneDX is a lightweight BoM specification that is easily created, human readable, and simple to parse. The resulting bom.xml can be used with tools such as OWASP Dependency-Track for the continuous analysis of components.
dotnet tool install --global CycloneDX
If you already have a previous version of CycloneDX installed, you can upgrade to the latest version using the following command:
dotnet tool update --global CycloneDX
Usage: cyclonedx [path] -o [outputDirectory] Arguments: Path The path to a .sln, .csproj or .vbproj file Options: -o|--outputDirectory <OUTPUT_DIRECTORY> The directorty to write the BOM -?|-h|--help Show help information
To run the CycloneDX tool you need to specify a solution or project file. In case you pass a solution, the tool will aggregate all the projects.
cyclonedx YourSolution.sln -o /output/path
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.