The CycloneDX Ruby Gem creates a valid CycloneDX Software Bill of Materials (SBOM) from all project dependencies. CycloneDX is a lightweight SBOM specification that is easily created, human-readable, and simple to parse.
gem install cyclonedx-ruby gem build cyclonedx-ruby.gemspec
gem install cyclonedx-ruby-x.x.x.gem cyclonedx-ruby [options]
`-v, --[no-]verbose` Run verbosely
`-p, --path path` Path to Ruby project directory
`-o, --output bom_file_path` Path to output the bom file
`-f, --format bom_output_format` Output format for bom. Supported: xml (default), json
`-s, --spec-version version` CycloneDX spec version to target (default: 1.7). Supported: 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7
`-h, --help` Show help message
Output: bom.xml or bom.json file in project directory
- By default, outputs conform to CycloneDX spec version 1.7.
- To generate an older spec version, use
--spec-version.
# Default (XML, CycloneDX 1.7)
cyclonedx-ruby -p /path/to/ruby/project
# JSON at CycloneDX 1.7
cyclonedx-ruby -p /path/to/ruby/project -f json
# XML at CycloneDX 1.3
cyclonedx-ruby -p /path/to/ruby/project -s 1.3
# JSON at CycloneDX 1.2 to a custom path
cyclonedx-ruby -p /path/to/ruby/project -f json -s 1.2 -o bom/out.jsonCycloneDX Ruby Gem is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.