11 releases
0.4.1 | Nov 23, 2023 |
---|---|
0.4.0 | Nov 13, 2023 |
0.3.8 | Jun 28, 2023 |
0.3.7 | Sep 15, 2022 |
0.3.1 | Dec 9, 2021 |
#69 in Cargo plugins
805 downloads per month
605KB
14K
SLoC
cargo-cyclonedx
The CycloneDX plugin for cargo
creates a custom cargo
subcommand that generates a Software Bill-of-Materials (SBOM) file that describes the cargo
project.
CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.
Usage
Installing
cargo install cargo-cyclonedx
Executing from cargo
cargo cyclonedx
This produces a bom.xml
file adjacent to every Cargo.toml
file that exists in the workspace.
Command-line options
--manifest-path <PATH>
Path to Cargo.toml
-f, --format <FORMAT>
Output BOM format: json, xml
-v, --verbose...
Use verbose output (-vv very verbose/build.rs output)
-q, --quiet
No output printed to stdout
--all-features
Activate all available features
--no-default-features
Do not activate the `default` feature
-F, --features <FEATURES>
Space or comma separated list of features to activate
--target <TARGET>
The target to generate the SBOM for, e.g. 'x86_64-unknown-linux-gnu'.
Use 'all' to include dependencies for all possible targets.
Defaults to the host target, as printed by 'rustc -vV'
--target-in-filename
Include the target platform of the BOM in the filename. Implies --output-cdx
-a, --all
List all dependencies instead of only top-level ones (default)
--top-level
List only top-level dependencies
--output-cdx
Prepend file extension with .cdx
--output-pattern <PATTERN>
Prefix patterns to use for the filename: bom, package
--output-prefix <FILENAME_PREFIX>
Custom prefix string to use for the filename
--license-strict
Reject the deprecated '/' separator for licenses, treating 'MIT/Apache-2.0' as an error
--license-accept-named <LICENSE_ACCEPT_NAMED>
Add license names which will not be warned about when parsing them as a SPDX expression fails
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
Copyright & License
CycloneDX Rust Cargo is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.
Dependencies
~13MB
~245K SLoC