jqassistant-plugin/jqassistant-cyclonedx-plugin

jQAssistant CycloneDX Plugin

This is the CycloneDX Plugin of jQAssistant.

It provides a scanner for SBOM files, as generated by the CycloneDX Maven Plugin, Syft or Nexus IQ, and imports component information, dependencies and vulnerabilities into the jQAssistant graph.

Usage

Declare the plugin in the plugins section of the .jqassistant.yml configuration file of your project:

.jqassistant.yml

```yaml
jqassistant:
  plugins:
    # Declares the jQAssistant CycloneDX plugin
    - group-id: org.jqassistant.plugin
      artifact-id: jqassistant-cyclonedx-plugin
      version: 1.0.0
  scan:
    include:
      files:
        - cyclonedx:sbom::<path_to_>/sbom.xml
        - cyclonedx:sbom::<path_to_>/sbom.json
```

Model

The SBOM scanner creates a graph based on the following model:

Diagram: model.drawio
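As an added illustration (not code from the plugin), the following Python walks a constructed CycloneDX 1.4 JSON document and extracts the same three kinds of facts the scanner imports: components (including `metadata.component`, the described application), the directed dependency edges from `dependencies[].ref` to `dependsOn[]`, and the vulnerability-to-component links from `vulnerabilities[].affects[].ref`. It then answers the question such a graph is usually built for: which vulnerable components does the application actually reach? The sample SBOM and the vulnerability id `EXAMPLE-VULN-1` are constructed placeholders.

```python
import json

# Constructed CycloneDX 1.4 JSON sample; "EXAMPLE-VULN-1" is a placeholder id,
# not a real advisory. lib-c is vulnerable but not reachable from the app.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "metadata": {"component": {"type": "application", "bom-ref": "app",
                               "name": "demo-app", "version": "1.0.0"}},
    "components": [
        {"type": "library", "bom-ref": "lib-a", "name": "lib-a", "version": "1.0.0"},
        {"type": "library", "bom-ref": "lib-b", "name": "lib-b", "version": "2.3.1"},
        {"type": "library", "bom-ref": "lib-c", "name": "lib-c", "version": "0.9.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-a"]},
        {"ref": "lib-a", "dependsOn": ["lib-b"]},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-1", "source": {"name": "constructed"},
         "ratings": [{"severity": "high", "score": 7.5, "method": "CVSSv3"}],
         "affects": [{"ref": "lib-b"}, {"ref": "lib-c"}]},
    ],
})

def parse_sbom(text):
    """Extract the three fact types the scanner imports, keyed by bom-ref."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    # components[] plus metadata.component (the application itself)
    root = bom.get("metadata", {}).get("component", {})
    components = {c["bom-ref"]: c
                  for c in bom.get("components", []) + [root] if "bom-ref" in c}
    # dependencies[].ref -> dependsOn[] are the directed dependency edges
    depends_on = {d["ref"]: list(d.get("dependsOn", []))
                  for d in bom.get("dependencies", [])}
    # vulnerabilities[].affects[].ref ties an advisory to a component
    vulns = {}
    for v in bom.get("vulnerabilities", []):
        for a in v.get("affects", []):
            vulns.setdefault(a["ref"], []).append(v["id"])
    return components, depends_on, vulns

def reachable_vulnerable(text, root_ref):
    """Walk dependsOn edges from root_ref; return reached refs that have vulns."""
    _, depends_on, vulns = parse_sbom(text)
    seen, stack = set(), [root_ref]
    while stack:
        ref = stack.pop()
        if ref not in seen:
            seen.add(ref)
            stack.extend(depends_on.get(ref, []))
    return {ref: sorted(vulns[ref]) for ref in sorted(seen) if ref in vulns}
```

Calling `reachable_vulnerable(SAMPLE_SBOM, "app")` reports only `lib-b`; `lib-c` carries the same advisory but is not on any dependency path from the application, which is exactly the distinction a dependency graph lets you make.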

Limitations

  • The scanner currently supports a subset of the items defined in the CycloneDX SBOM schema version 1.4. Feel free to raise an issue or provide a PR if any important information is missing.

Changelog

1.0.0

  • Initial Release