CycloneDX Generator (cdxgen), maintained by the OWASP Foundation, is a polyglot command-line tool and library designed to create Bill of Materials documents that conform to the CycloneDX specification. Aimed at development, security, and DevOps teams, the utility automates the generation of a comprehensive Software Bill of Materials (SBOM) for virtually any application codebase or container image with a single command, while also supporting Operations Bill of Materials (OBOM) output for live Linux and Windows hosts. Its language-agnostic scanners detect direct, transitive, and operating-system dependencies, then serialize the results in standardized JSON or XML formats that can be consumed by policy engines, license auditors, and vulnerability-management platforms. Release 12.1.5, the twenty-ninth public iteration since inception, introduces refined container image parsing, improved CI/CD integrations, and the option to auto-submit generated BOMs to a Dependency-Track server for immediate risk analysis. Typical use cases include upstream supply-chain verification prior to deployment, continuous compliance reporting mandated by secure software supply-chain frameworks, forensic inventory of legacy systems, and baseline asset enumeration for cloud migration projects. Because the tool is available both as an installable binary and as a reusable library, it slots easily into existing pipelines built on Jenkins, GitHub Actions, Azure DevOps, GitLab CI, or bespoke shell scripts, enabling unattended SBOM/OBOM creation on every pull request, container build, or infrastructure provisioning run. The software is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version, and supporting batch installation of multiple applications.