Skip to content

Release v1.5.5

Choose a tag to compare

@github-actions github-actions released this 01 Jul 01:26
88ab21f

BomLens v1.5.5

Generate a CycloneDX SBOM, an open-source notice (고지문), and a security report from your source code — or assess the open-source risk of an SBOM or firmware you receive.

Changes

Fixed

  • Maven and Gradle source scans now record their direct dependencies in the SBOM dependency graph. The root component previously carried an empty dependsOn, so tools reading the graph classified every direct dependency as transitive. npm was unaffected.

Installation

Desktop app (double-click, no CLI)

Download BomLens-Setup.exe (Windows) or BomLens-Setup.dmg (macOS) from the assets below. Unsigned for now; if Windows SmartScreen warns, choose "More info", then "Run anyway".

Scripts

curl -O https://raw.githubusercontent.com/sktelecom/sbom-tools/main/scripts/scan-sbom.sh
chmod +x scan-sbom.sh

Docker Image

docker pull ghcr.io/sktelecom/sbom-generator:1.5.5   # legacy alias: sbom-scanner

Documentation