
CycloneDX SBOM

CycloneDX

Creates software bills of materials (SBOM) in the CycloneDX format.

Configuration

Example

Use the following syntax to configure this plugin globally as part of config.yml:

ort:
  reporter:
    reporters:
      CycloneDX:
        options:
          schemaVersion: 1.6
          dataLicense: "CC0-1.0"
          singleBom: true
          outputFileFormats: JSON

Options

schemaVersion

ENUM Default

Alias: schema.version

Possible values: 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6

The CycloneDX schema version to use. Defaults to "1.6".

dataLicense

STRING Default

Alias: data.license

The license for the data contained in the report. Defaults to "CC0-1.0".

singleBom

BOOLEAN Default

Alias: single.bom

If true (the default), a single SBOM for all projects is created; if set to false, separate SBOMs are created for each project.

outputFileFormats

ENUM_LIST Default

Alias: output.file.formats

Possible values: XML, JSON

A comma-separated list of output formats to export to (case-insensitive). Supported formats are XML and JSON.
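A pipeline that consumes these SBOMs can check that a generated JSON BOM matches the configured schemaVersion and dataLicense options, and that an outputFileFormats value parses to supported formats. The following is an added example, not part of ORT or of this page. The names parse_formats, check_bom and SAMPLE_BOM are hypothetical, the sample BOM is constructed, and the location of the data license under metadata.licenses is an assumption based on the CycloneDX schema (1.3 and later).

```python
import json

# Values documented on this page for the reporter options.
SCHEMA_VERSIONS = {"1.0", "1.1", "1.2", "1.3", "1.4", "1.5", "1.6"}
OUTPUT_FORMATS = {"XML", "JSON"}


def parse_formats(value):
    """Parse outputFileFormats: comma-separated, case-insensitive."""
    formats = [item.strip().upper() for item in value.split(",") if item.strip()]
    unknown = [f for f in formats if f not in OUTPUT_FORMATS]
    if unknown or not formats:
        raise ValueError(f"unsupported output format(s): {unknown or value!r}")
    return formats


def check_bom(bom, schema_version="1.6", data_license="CC0-1.0"):
    """Return mismatches between a JSON BOM and the configured options."""
    schema_version = str(schema_version)  # YAML may hand over 1.6 as a float
    if schema_version not in SCHEMA_VERSIONS:
        raise ValueError(f"unknown schemaVersion: {schema_version!r}")
    findings = []
    if bom.get("bomFormat") != "CycloneDX":
        findings.append("bomFormat is not CycloneDX")
    if bom.get("specVersion") != schema_version:
        findings.append(f"specVersion {bom.get('specVersion')!r} != {schema_version!r}")
    # Assumption: the data license is recorded as a BOM-level license under
    # metadata.licenses, which the CycloneDX schema defines from 1.3 onwards.
    if schema_version not in {"1.0", "1.1", "1.2"}:
        licenses = bom.get("metadata", {}).get("licenses", [])
        ids = {entry.get("license", {}).get("id") for entry in licenses}
        if data_license not in ids:
            findings.append(f"data license {data_license!r} not in metadata.licenses")
    return findings


# Constructed sample, not real reporter output.
SAMPLE_BOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
 "metadata": {"licenses": [{"license": {"id": "CC0-1.0"}}]},
 "components": []}
""")

if __name__ == "__main__":
    print(parse_formats("json, XML"))
    for finding in check_bom(SAMPLE_BOM):
        print("MISMATCH:", finding)
```
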