CycloneDX Application Analysis
NEW IN RELEASE 77
What is Supported
Files matching the pattern <source>-bom.xml that contain CycloneDX data are scanned (CycloneDX version 1.1 is supported).
The <source> prefix is used as the identification source, which is displayed in the Application Composition Report.
A file named plain bom.xml is also valid. If no source prefix is provided, Third Party is used by default as the identification source in the Application Composition Report.
Remember that initially only components that include a <purl> element will be processed.
Steps to analyze using the CLI
Create the cyclonedx-bom.xml
For detailed instructions on the CycloneDX schema, please refer to the CycloneDX scanner documentation.
Example file content
Run a scan
Invoke a CLI scan of the directory containing cyclonedx-bom.xml. Instructions on how to do this can be found at https://help.sonatype.com/integrations/nexus-iq-cli.
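The following script is an added example, not content from this help page or Sonatype's own tooling. It ties the two steps together: it writes a minimal CycloneDX 1.1 file named cyclonedx-bom.xml into a scan directory, runs a pre-flight check that counts components lacking a <purl> (since only components with a <purl> are processed, a BOM that omits them silently yields an incomplete report), and then invokes the CLI against that directory. The sample BOM contents are constructed; the scan directory, application id, server URL, credentials and the NEXUS_IQ_CLI_JAR path are assumptions or placeholders, and the scan only runs when that variable is set.

```shell
#!/bin/sh
# Added example (not from the Sonatype help page): write a CycloneDX 1.1 BOM,
# check that every component carries a <purl>, then invoke the IQ CLI on the
# directory. All paths, ids and credentials below are placeholders/assumptions.
set -eu

# Directory the CLI will be pointed at (assumption: a fresh temp dir).
SCAN_DIR="${SCAN_DIR:-$(mktemp -d)}"

# write_bom DIR: create DIR/cyclonedx-bom.xml. The constructed sample has two
# components; the second deliberately has no <purl> so the check below fires.
write_bom() {
    mkdir -p "$1"
    cat > "$1/cyclonedx-bom.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1">
  <components>
    <component type="library">
      <group>org.apache.commons</group>
      <name>commons-lang3</name>
      <version>3.12.0</version>
      <purl>pkg:maven/org.apache.commons/commons-lang3@3.12.0</purl>
    </component>
    <component type="library">
      <group>com.example</group>
      <name>internal-util</name>
      <version>2.0.0</version>
    </component>
  </components>
</bom>
EOF
}

# Line-based counts; sufficient for one-element-per-line BOMs like the one above.
# "|| true" keeps grep's exit status 1 (no match, prints 0) from aborting under set -e.
count_components() { grep -c '<component ' "$1" || true; }
count_purls()      { grep -c '<purl>' "$1" || true; }

# missing_purl_components FILE: number of components that will be skipped by the
# scan because they have no <purl>.
missing_purl_components() {
    echo $(( $(count_components "$1") - $(count_purls "$1") ))
}

write_bom "$SCAN_DIR"
BOM="$SCAN_DIR/cyclonedx-bom.xml"
MISSING=$(missing_purl_components "$BOM")
if [ "$MISSING" -gt 0 ]; then
    echo "warning: $MISSING of $(count_components "$BOM") component(s) in $BOM have no <purl> and will not be processed" >&2
fi

# Run the scan only if a CLI jar is available. -i (application id), -s (server
# URL), -a (user:password) and -t (stage) are the CLI's standard options; the
# default values here are placeholders.
if [ -n "${NEXUS_IQ_CLI_JAR:-}" ]; then
    java -jar "$NEXUS_IQ_CLI_JAR" \
        -i "${IQ_APP_ID:-my-application}" \
        -s "${IQ_SERVER_URL:-http://localhost:8070}" \
        -a "${IQ_AUTH:-username:password}" \
        -t "${IQ_STAGE:-build}" \
        "$SCAN_DIR"
fi
```

Running it without NEXUS_IQ_CLI_JAR set only writes the BOM and reports one component without a <purl>; export NEXUS_IQ_CLI_JAR (and the IQ_* variables for a real server) to have it perform the scan.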
The output from the CLI