Convert Renovate data exports to SBOMs


renovate-to-sbom 'path/to/*.json'


# to convert file(s) from renovate-graph's output:
renovate-to-sbom '../out/*.json'      --out-format spdx2.3+json
# to convert file(s) from Renovate's debug logs (
renovate-to-sbom renovate.log         --out-format cyclonedx1.5+json
# to only include known pURL types, for instance if the consumer of this SBOM may be stricter on the types it supports
renovate-to-sbom renovate-output.json	--out-format cyclonedx1.5+json --only-include-known-purl-types


Convert Renovate data exports to Software Bill of Materials (SBOMs)

Takes a data export from or the debug logs that come from Renovate ( and converts it to a Software Bill of Materials (SBOM).


Flag (type) Usage Notes
-h, --help help for renovate-to-sbom
--no-progress Whether to display progress bar while processing file(s)
--only-include-known-purl-types Whether to remove any dependencies from the resulting SBOMs if the Package URL (pURL) is not a known type according to the underlying pURL library
--out-format (string) Output SBOM format. Supported: [spdx2.3+json, cyclonedx1.5+json]
--out-path (string) Path to output generated SBOMs to