renovate-to-sbom
Convert Renovate data exports to SBOMs
Usage
renovate-to-sbom 'path/to/*.json'
Examples
# to convert file(s) from renovate-graph's output:
renovate-to-sbom '../out/*.json' --out-format spdx2.3+json
# to convert file(s) from Renovate's debug logs (https://dmd.tanna.dev/cookbooks/consuming-renovate-debug-logs):
renovate-to-sbom renovate.log --out-format cyclonedx1.5+json
# to only include known pURL types, for instance if the consumer of this SBOM may be stricter on the types it supports
renovate-to-sbom renovate-output.json --out-format cyclonedx1.5+json --only-include-known-purl-types
Synopsis
Convert Renovate data exports to Software Bill of Materials (SBOMs)
Takes a data export from https://gitlab.com/tanna.dev/renovate-graph/ or the debug logs that come from Renovate (https://dmd.tanna.dev/cookbooks/consuming-renovate-debug-logs) and converts it to a Software Bill of Materials (SBOM).
Options
Flag (type) | Usage | Notes |
---|---|---|
-h, --help | help for renovate-to-sbom | |
--no-progress | Whether to display progress bar while processing file(s) | |
--only-include-known-purl-types | Whether to remove any dependencies from the resulting SBOMs if the Package URL (pURL) is not a known type according to the underlying pURL library | |
--out-format (string) | Output SBOM format. Supported: [spdx2.3+json, cyclonedx1.5+json] | |
--out-path (string) | Path to output generated SBOMs to | |
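
The check below is an added example, not part of renovate-to-sbom: given a cyclonedx1.5+json SBOM, it reports which components carry a pURL type (or no pURL at all) that a stricter consumer would not accept, which is the situation --only-include-known-purl-types is meant for. The allow-list and the sample SBOM are constructed assumptions and do not reflect the list used by the tool's underlying pURL library.

```python
import json

# Assumption: pURL types a strict downstream consumer accepts. Constructed
# allow-list, NOT the list used by renovate-to-sbom's underlying pURL library.
CONSUMER_PURL_TYPES = {"npm", "pypi", "golang", "maven", "gem", "cargo", "nuget"}

# Constructed sample in the CycloneDX 1.5 JSON shape (components[].purl).
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg://PyPI/requests@2.31.0"},
    {"type": "library", "name": "example-tool", "version": "1.2.3",
     "purl": "pkg:custom-datasource/example-tool@1.2.3"},
    {"type": "library", "name": "vendored-lib", "version": "0.1.0"}
  ]
}
""")


def purl_type(purl):
    """Return the lower-cased pURL type, or None if the value is not a pURL."""
    if not isinstance(purl, str) or not purl.lower().startswith("pkg:"):
        return None
    rest = purl[4:].lstrip("/")  # parsers must tolerate the pkg:// form
    ptype, sep, _ = rest.partition("/")
    return ptype.lower() if sep and ptype else None


def audit_components(bom, allowed=CONSUMER_PURL_TYPES):
    """Split components into (accepted, rejected) by pURL type."""
    accepted, rejected = [], []
    for comp in bom.get("components", []):
        ptype = purl_type(comp.get("purl"))
        entry = (comp.get("name"), comp.get("version"), ptype)
        (accepted if ptype in allowed else rejected).append(entry)
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = audit_components(SAMPLE_BOM)
    print(f"{len(accepted)} accepted, {len(rejected)} rejected")
    for name, version, ptype in rejected:
        print(f"  rejected: {name}@{version} (pURL type: {ptype or 'missing'})")
```

Components reported as rejected are the ones that would disappear from an SBOM filtered by type, so review that list before relying on the filtered output as a complete inventory.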