App-CPAN-SBOM
bin/cpan-sbom
#!/usr/bin/perl
use strict;
use warnings;
use utf8;
use App::CPAN::SBOM;
exit App::CPAN::SBOM->run(@ARGV) unless caller();
__END__

=encoding utf-8

=head1 NAME

cpan-sbom - CPAN SBOM (Software Bill of Materials) generator

=head1 SYNOPSIS

    cpan-sbom --distribution NAME@VERSION
    cpan-sbom --meta (META|MYMETA).(json|yml)
    cpan-sbom --project-directory DIRECTORY [ --project-name NAME --project-version VERSION --project-description TEXT
                                              --project-license SPDX-LICENSE --project-type BOM-TYPE
                                              --project-author STRING [--project-author STRING] ]
    cpan-sbom [--help|--man|-v]

    Options:
      -o, --output OUTPUT-FILE               Output file. Default bom.json
          --distribution NAME@VERSION        Distribution name and version
          --meta META-FILE                   META or MYMETA file
          --project-directory NAME           Project directory
          --project-meta META-FILE           Project META or MYMETA file (alias of --meta)
          --project-type BOM-TYPE            Project type (default: library)
          --project-name NAME                Project name (default: project directory name)
          --project-version VERSION          Project version
          --project-author STRING            Project author(s)
          --project-license SPDX-LICENSE     Project SPDX license
          --project-description TEXT         Project description
          --maxdepth=NUM                     Max depth (default: 1)
          --vulnerabilities                  Include Module/Distribution vulnerabilities
          --no-vulnerabilities
          --validate                         Validate the generated SBOM using JSON Schema (default: true)
          --no-validate
          --list-spdx-licenses               List SPDX licenses
          --cyclonedx-spec-version VERSION   CycloneDX Specification version to use (default: 1.5)
          --debug                            Enable debug messages
          --help                             Brief help message
          --man                              Full documentation
      -v, --version                          Print version

    OWASP Dependency Track options:
          --server-url URL                   Dependency Track URL (Env: $DTRACK_URL)
          --api-key STRING                   API-Key (Env: $DTRACK_API_KEY)
          --skip-tls-check                   Disable SSL/TLS check (Env: $DTRACK_SKIP_TLS_CHECK)
          --project-id STRING                Project ID (Env: $DTRACK_PROJECT_ID)
          --project-name NAME                Project name (Env: $DTRACK_PROJECT_NAME)
          --project-version VERSION          Project version (Env: $DTRACK_PROJECT_VERSION)
          --parent-project-id STRING         Parent project ID (Env: $DTRACK_PARENT_PROJECT_ID)

=head1 DESCRIPTION

C<cpan-sbom> is a CPAN SBOM (Software Bill of Materials) generator.

=head1 EXAMPLES

Create SBOM of specific distribution:

    $ cpan-sbom --distribution libwww-perl@6.78

Create SBOM from META file:

    $ cpan-sbom --meta META.json

Create SBOM from your project directory:

    $ cpan-sbom \
        --project-directory . \
        --project-name "My Cool Application" \
        --project-type application \
        --project-version 1.337 \
        --project-license Artistic-2.0 \
        --project-author "Larry Wall <larry@wall.org>"

Create SBOM file and upload to OWASP Dependency Track:

    $ cpan-sbom \
        --meta META.json \
        --server-url https://dtrack.example.com \
        --api-key DTRACK-API-KEY \
        --project-id DTRACK-PROJECT-ID

=head1 SEE ALSO

L<SBOM::CycloneDX>

=head1 AUTHOR

L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>