Creating SBOMs from npm Projects

Introduction

SBOMs can be created from npm-based projects. This tutorial illustrates how to create a CycloneDX SBOM from an npm project using the cyclonedx-node-npm CLI (published on npm as @cyclonedx/cyclonedx-npm).

Note(s)

Testing done on Ubuntu 20.04 x86_64.

Prerequisites

node >= 14

npm 6 - 10

Installation

Install the CLI globally with:

npm install --global @cyclonedx/cyclonedx-npm

Alternatively, npx can fetch the package without a global install. The following pre-caches it and exits without running anything, so later npx invocations of the package start quickly:

npx --package @cyclonedx/cyclonedx-npm --call exit

Running

Navigate to the npm project folder.

Create the SBOM by running the following within the npm project. The documented choices for --output-format are JSON and XML; give the output file a matching extension:

cyclonedx-npm --output-file <sbom-name>.<format> --output-format <format>

e.g.

cyclonedx-npm --output-file project-sbom.json --output-format JSON

The SBOM file is written to the current directory. To write it elsewhere, pass a full path to --output-file.

e.g.

cyclonedx-npm --output-file /home/directory-for-sboms/project-sbom.json --output-format JSON

Note that cyclonedx-node-npm requires a manifest file, i.e. a package.json file. It also needs a resolvable dependency tree, because it builds the component list from npm ls: run npm install first, or tell it to work from the lockfile alone with --package-lock-only.
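The procedure above, wrapped in a small script as an added example (this is not code from the page or from the cyclonedx-node-npm project). It runs cyclonedx-npm with the same flags as the commands above, after checking the prerequisites the note mentions, and then reads the resulting JSON SBOM back to flag components that lack a purl or hashes, which is the first thing to look at before relying on the SBOM for vulnerability matching. The function names, the SAMPLE_SBOM document and its hash value are constructed for the example; it assumes cyclonedx-npm is on PATH and that the project's dependencies are installed.

```python
"""Drive cyclonedx-npm as in the tutorial, then sanity-check the SBOM it wrote.

Added example, not part of the page or of the cyclonedx-node-npm project.
Assumes @cyclonedx/cyclonedx-npm is installed so `cyclonedx-npm` is on PATH,
and that the target project holds a package.json with dependencies installed
(cyclonedx-npm builds the tree by running `npm ls`).
"""
import json
import shutil
import subprocess
import sys
from pathlib import Path


def generate_sbom(project_dir, output_file, output_format="JSON"):
    """Run `cyclonedx-npm --output-file ... --output-format ...` inside project_dir.

    The manifest check mirrors the tutorial's note: without a package.json the
    tool cannot run. Documented choices for --output-format are JSON and XML.
    Returns the absolute path of the written SBOM.
    """
    project = Path(project_dir)
    if not (project / "package.json").is_file():
        raise FileNotFoundError(f"no package.json in {project}")
    if shutil.which("cyclonedx-npm") is None:
        raise RuntimeError("cyclonedx-npm not on PATH; npm install --global @cyclonedx/cyclonedx-npm")
    # Resolve against the caller's cwd so a relative name is not interpreted
    # relative to the project directory by the tool.
    out = Path(output_file).resolve()
    subprocess.run(
        ["cyclonedx-npm", "--output-file", str(out), "--output-format", output_format],
        cwd=project,
        check=True,  # a failing npm ls should raise, not leave a half-written file unnoticed
    )
    return out


def summarize_sbom(sbom):
    """Summarize a parsed CycloneDX JSON document.

    A component without a purl cannot be matched to vulnerability databases by
    package identity; one without hashes cannot be verified against the
    artifact that was actually installed. Both are reported by name.
    """
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document (bomFormat=%r)" % sbom.get("bomFormat"))
    components = sbom.get("components") or []
    root = ((sbom.get("metadata") or {}).get("component") or {}).get("name")
    return {
        "spec_version": sbom.get("specVersion"),
        "root": root,
        "component_count": len(components),
        "missing_purl": [c.get("name") for c in components if not c.get("purl")],
        "missing_hashes": [c.get("name") for c in components if not c.get("hashes")],
    }


def load_and_summarize(sbom_path):
    """Read an SBOM file written by generate_sbom and summarize it."""
    with open(sbom_path, encoding="utf-8") as fh:
        return summarize_sbom(json.load(fh))


# Constructed sample in the shape of cyclonedx-npm JSON output for a small
# project. The hash value is a placeholder, not a real digest, and the second
# component is deliberately missing both fields to exercise the checks.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"type": "application", "name": "demo-app", "version": "1.0.0"}},
    "components": [
        {
            "type": "library", "name": "left-pad", "version": "1.3.0",
            "purl": "pkg:npm/left-pad@1.3.0",
            "hashes": [{"alg": "SHA-512", "content": "0" * 128}],
        },
        {"type": "library", "name": "local-helper", "version": "0.1.0"},
    ],
}


if __name__ == "__main__":
    # usage: python sbom_check.py <project-dir> <output-file.json>
    # with no arguments, the constructed sample is summarized instead
    if len(sys.argv) == 3:
        written = generate_sbom(sys.argv[1], sys.argv[2])
        print(json.dumps(load_and_summarize(written), indent=2))
    else:
        print(json.dumps(summarize_sbom(SAMPLE_SBOM), indent=2))
```

Run against a real project as `python sbom_check.py ./my-app project-sbom.json`; the summary printed at the end is what to eyeball before the SBOM is handed to a scanner, since a high count under missing_purl usually means the dependency tree was not installed when the tool ran.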

SBOM

An example SBOM produced by the steps above is kept next to this page as cyclonedx-node-npm-sbom.json.

References