sbom-report

0.7.6 • Public • Published

SBOM Report

A command-line utility written in TypeScript for creating static reports in GitHub-Flavored Markdown (GFM) from CycloneDX SBOM JSON files.

Usage

To install globally:

$ npm i -g sbom-report

Creating SBOMs

There are many tools for generating SBOMs. If you would like to incorporate auto-generation into an npm-based project, you can run npm i --save-dev @cyclonedx/bom and add the following scripts to your package.json:

{
    "scripts": {
        "sbom": "cyclonedx-bom -o sbom.json -l",
        "sbom-dev": "cyclonedx-bom -o sbom-with-dev.json -l -d"
    }
}

Generating a GitHub-Flavored Markdown Report

Once you have a valid CycloneDX SBOM JSON file, use it as input to sbom-report, like so:

$ sbom-report generate <my_sbom.json> -t 'Optional Report Title' > report.md

You can style the Markdown with CSS by inlining it into the output document, like so:

$ sbom-report generate <my_sbom.json> -t 'Optional Report Title' -s my_stylesheet.css > report.md

You can roll your own stylesheet or use an existing Markdown theme such as those at https://markdowncss.github.io/.

The generated Markdown document uses GitHub-Flavored Markdown (GFM) syntax and extensions, including a metadata section at the top. To render a valid HTML document, you can use a tool like showdown for the conversion.

$ npm i -g showdown
$ showdown makehtml -i report.md -o report.html -p github -c completeHTMLDocument metadata
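To make the CycloneDX-to-GFM step concrete, here is an added example renderer in TypeScript. It is not sbom-report's own code; it only illustrates the kind of transformation the tool performs: validate that the input really is a CycloneDX document, sort the components, escape characters that would break a GFM table, fall back gracefully when a component declares no license or has no purl, and emit a metadata block at the top of the kind showdown's metadata option consumes. The SAMPLE_SBOM object, the renderReport/validateBom/licensesOf/escapeCell function names and the report layout are all constructed for this example.

```typescript
// Added example, not part of sbom-report. Field names follow the CycloneDX
// 1.x JSON schema (bomFormat, specVersion, metadata, components).

interface CdxLicense { license?: { id?: string; name?: string }; expression?: string }
interface CdxComponent { type: string; name: string; version?: string; purl?: string; licenses?: CdxLicense[] }
interface CdxBom {
  bomFormat: string;
  specVersion: string;
  metadata?: { timestamp?: string; component?: CdxComponent };
  components?: CdxComponent[];
}

// Constructed sample SBOM; deliberately includes a component with no
// license and no purl, and a name containing a pipe character.
const SAMPLE_SBOM: CdxBom = {
  bomFormat: "CycloneDX",
  specVersion: "1.2",
  metadata: {
    timestamp: "2020-01-01T00:00:00Z",
    component: { type: "application", name: "my-app", version: "1.0.0" },
  },
  components: [
    { type: "library", name: "left-pad", version: "1.3.0", purl: "pkg:npm/left-pad@1.3.0",
      licenses: [{ license: { id: "WTFPL" } }] },
    { type: "library", name: "mystery-lib", version: "0.0.1" },
    { type: "library", name: "dual|pipe", version: "2.0.0",
      licenses: [{ expression: "MIT OR Apache-2.0" }] },
  ],
};

// Escape characters that would break a GFM table cell (pipes, backslashes, newlines).
function escapeCell(s: string): string {
  return s.replace(/\\/g, "\\\\").replace(/\|/g, "\\|").replace(/\r?\n/g, " ");
}

// Render the declared licenses of a component; missing data is reported, not hidden.
function licensesOf(c: CdxComponent): string {
  if (!c.licenses || c.licenses.length === 0) return "(none declared)";
  return c.licenses
    .map(l => l.expression ?? l.license?.id ?? l.license?.name ?? "(unknown)")
    .join(", ");
}

// Reject anything that is not a CycloneDX document before rendering it.
function validateBom(bom: unknown): CdxBom {
  if (typeof bom !== "object" || bom === null) throw new Error("SBOM is not a JSON object");
  const b = bom as Partial<CdxBom>;
  if (b.bomFormat !== "CycloneDX") throw new Error(`unsupported bomFormat: ${String(b.bomFormat)}`);
  if (typeof b.specVersion !== "string") throw new Error("missing specVersion");
  return b as CdxBom;
}

// Produce a GFM report: metadata block, summary line, then a component table.
function renderReport(input: unknown, title = "SBOM Report"): string {
  const bom = validateBom(input);
  const comps = [...(bom.components ?? [])].sort((a, b) => a.name.localeCompare(b.name));
  const undeclared = comps.filter(c => !c.licenses || c.licenses.length === 0).length;
  const lines: string[] = [];
  lines.push("---", `title: ${title}`, `specVersion: ${bom.specVersion}`,
             `generated: ${bom.metadata?.timestamp ?? "unknown"}`, "---", "");
  lines.push(`# ${title}`, "");
  const root = bom.metadata?.component;
  if (root) lines.push(`Subject: **${escapeCell(root.name)}** ${root.version ?? ""}`.trimEnd(), "");
  lines.push(`Components: ${comps.length} (${undeclared} without a declared license)`, "");
  lines.push("| Name | Version | Type | License(s) | PURL |", "|---|---|---|---|---|");
  for (const c of comps) {
    const purl = c.purl ? "`" + c.purl + "`" : "";
    lines.push(`| ${escapeCell(c.name)} | ${c.version ?? ""} | ${c.type} | ${escapeCell(licensesOf(c))} | ${purl} |`);
  }
  return lines.join("\n") + "\n";
}

console.log(renderReport(SAMPLE_SBOM, "Example Report"));
```

The summary line counts components with no declared license so that gap is visible at the top of the report rather than buried in the table; a real pipeline would feed the output of `cyclonedx-bom` into renderReport in place of SAMPLE_SBOM.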

Example

[Image: example generated report]

License

Released under the Apache 2.0 license. Copyright 2020 © Preston Lee. All rights reserved.

Attribution

Written by Preston Lee.
