About

This utility enhances an SPDX SBOM with transitive dependency information provided by other SBOMs.

Usage

Usage: transitive-sbom [options]

Options:
  -v, --version                          Output the version
  -h, --help                             Display help
  -i, --input <sbom.spdx.json>           Input SPDX json file
  -o, --output <sbom.spdx.json>          Output SPDX json file
  -p, --path <glob-pattern>              Supplemental SBOM search path
  --mermaid                              Generate mermaid diagram

Mermaid Diagrams

The mermaid option generates a mermaid "Mindmap" diagram of the package names.

mindmap
  INFUSION
    Windows Embedded Standard 7
       Net Frame Work
    Windows Embedded Standard 7 with SP1 patches
    SQL 2005 Express
    Java 8
      Tomcat 9
      Spring Framework

This can be processed by tools such as mermaid-cli into a diagram such as:

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.github/workflows		.github/workflows
docs		docs
src/DemaConsulting.Sbom.TransitiveSpdx		src/DemaConsulting.Sbom.TransitiveSpdx
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
TransitiveSpdx.sln		TransitiveSpdx.sln
TransitiveSpdx.sln.DotSettings		TransitiveSpdx.sln.DotSettings

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

About

Usage

Mermaid Diagrams

About

Uh oh!

Releases 1

Packages

Uh oh!

Languages

License

demaconsulting/TransitiveSpdx

Folders and files

Latest commit

History

Repository files navigation

About

Usage

Mermaid Diagrams

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 1

Packages 0

Uh oh!

Languages

Packages