This reporistory contains a command line interface (cli), based on the protobom library, that converts SBOMs across formats (SPDX and CycloneDX).
sbom-convert convert [input] [flags]
sbom-convert [input] [flags]
The convert command takes in a single - as of now - json file in either SPDX or CycloneDX format, and outputs an SBOM in a different format.
- The file must be json
- The file must be a valid CycloneDX / SPDX document
-e,--encoding: (string, optional) The output encoding [spdx: [text, json] cyclonedx: [json] (default "json")-f,--format: (string, Required) The output format [spdx, spdx-2.3, cyclonedx, cyclonedx-1.4]-h,--help:` help for convert-o,--output: (string, optional) Path to write the converted SBOM. Default: stdout. A user can provide just a string for the filename (e.g "mybom"), which will create a filemybom.json. Users can also specify an SPDX tag-value format, e.g.myBOM.spdx.
Global Flags:
-c,--config: (string, optional) Path to config file-v,--verbose: log verbosity level (-v=info, -vv=debug, -vvv=trace)
sbom-convert convert sbom.cdx.json output to stdout in inverse format
sbom-convert convert sbom.spdx.json -o sbom.cdx.json output to a file
sbom-convert convert sbom.cdx.json -f spdx-2.3 select a specific target format
sbom-convert convert sbom.cdx.json -f spdx -e text select specific encoding
The architecture of the CLI looks more or less like this:
flowchart TB
a2-->b2
b2-->c2
b2-->c3
subgraph "sbom-convert"
subgraph "End User CLI"
a2("internal/cmd")
end
subgraph "translate API"
b2("translate.Translator")
end
end
subgraph "protobom API"
c2("writer.Writer")-->c4("writer.Serializer")
c3("reader.Reader")-->c5("reader.Unserializer")
end