Creates CycloneDX Software Bill-of-Materials (SBoM) from Gradle projects
Latest commit 9c25d8a Jul 1, 2019

CycloneDX Gradle Plugin

The CycloneDX Gradle plugin creates an aggregate of all dependencies and transitive dependencies of a project and creates a valid CycloneDX bill-of-material document from the results. CycloneDX is a lightweight BoM specification that is easily created, human readable, and simple to parse. The resulting bom.xml can be used with tools such as OWASP Dependency-Track for the continuous analysis of components.



gradle cyclonedxBom

Output CycloneDX Generation Info:

gradle cyclonedxBom -info

Exclude BOM Serial Number:

gradle cyclonedxBom -Pcyclonedx.includeBomSerialNumber=false

build.gradle (excerpt)

plugins {
    id '' version '1.0.0' apply true

apply plugin: 'java'
apply plugin: 'maven'

repositories {

settings.gradle (excerpt)

pluginManagement {
    resolutionStrategy {
        eachPlugin {
            if ( == '') {
    repositories {

Once a BOM is generated, it will reside at ./build/reports/bom.xml
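
A pre-upload check on the generated bom.xml, as an added example (not part of the plugin or its README). It assumes the CycloneDX XML layout of a root bom element with an optional serialNumber attribute and component elements carrying group, name, version, purl and hashes; the sample document and the audit_bom name are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample shaped like a CycloneDX XML BOM (not real plugin output).
SAMPLE_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1"
     serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79">
  <components>
    <component type="library">
      <group>org.example</group><name>alpha</name><version>1.2.3</version>
      <hashes><hash alg="SHA-1">da39a3ee5e6b4b0d3255bfef95601890afd80709</hash></hashes>
      <purl>pkg:maven/org.example/alpha@1.2.3</purl>
    </component>
    <component type="library">
      <group>org.example</group><name>beta</name><version>0.9</version>
    </component>
  </components>
</bom>"""

UUID_URN = re.compile(
    r"^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

def audit_bom(xml_data):
    """Return (serial_or_None, [(group, name, version)], findings)."""
    root = ET.fromstring(xml_data)
    # Root tag is '{namespace}bom'; reuse whichever schema namespace the file declares.
    ns = root.tag[1:root.tag.index("}")] if root.tag.startswith("{") else ""
    q = (lambda t: "{%s}%s" % (ns, t)) if ns else (lambda t: t)
    findings = []
    serial = root.get("serialNumber")
    if serial is None:
        findings.append("no serialNumber (as with cyclonedx.includeBomSerialNumber=false)")
    elif not UUID_URN.match(serial):
        findings.append("serialNumber is not a urn:uuid value: %r" % serial)
    components = []
    for comp in root.iter(q("component")):
        coords = tuple(comp.findtext(q(t), "") for t in ("group", "name", "version"))
        components.append(coords)
        label = ":".join(coords)
        # Components without these fields are hard to match against advisories.
        if not coords[2]:
            findings.append(label + " has no version")
        if not comp.findtext(q("purl")):
            findings.append(label + " has no purl")
        if comp.find(q("hashes") + "/" + q("hash")) is None:
            findings.append(label + " has no hash")
    return serial, components, findings

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BOM
    serial, components, findings = audit_bom(data)
    print("%d components, serialNumber=%s" % (len(components), serial))
    print("\n".join("FINDING: " + f for f in findings))
    sys.exit(1 if findings else 0)
```

Run it with ./build/reports/bom.xml as the argument; a non-zero exit status means at least one finding.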

Copyright & License

CycloneDX Gradle Plugin is Copyright (c) Steve Springett. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.
