docs: add CycloneDX 1.6 to README #1174

Merged
merged 3 commits into from
Apr 22, 2024
40 changes: 13 additions & 27 deletions README.md
Expand Up @@ -74,42 +74,28 @@ Usage: cyclonedx-npm [options] [--] [<package-manifest>]
Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.

Arguments:
<package-manifest> Path to project's manifest file.
(default: "package.json" file in current working directory)
<package-manifest> Path to project's manifest file. (default: "package.json" file in current working directory)
XSpielinbox marked this conversation as resolved.

Options:
--ignore-npm-errors Whether to ignore errors of NPM.
This might be used, if "npm install" was run with "--force" or "--legacy-peer-deps".
(default: false)
This might be used, if "npm install" was run with "--force" or "--legacy-peer-deps". (default: false)
--package-lock-only Whether to only use the lock file, ignoring "node_modules".
This means the output will be based only on the few details in and the tree described by the "npm-shrinkwrap.json" or "package-lock.json", rather than the contents of "node_modules" directory.
(default: false)
--omit <type...> Dependency types to omit from the installation tree.
(can be set multiple times)
(choices: "dev", "optional", "peer", default: "dev" if the NODE_ENV environment variable is set to "production", otherwise empty)
This means the output will be based only on the few details in and the tree described by the "npm-shrinkwrap.json" or "package-lock.json", rather than the contents of "node_modules" directory. (default: false)
--omit <type...> Dependency types to omit from the installation tree.(can be set multiple times) (choices: "dev", "optional", "peer", default: "dev" if the NODE_ENV environment variable is set to "production", otherwise empty)
--flatten-components Whether to flatten the components.
This means the actual nesting of node packages is not represented in the SBOM result.
(default: false)
This means the actual nesting of node packages is not represented in the SBOM result. (default: false)
--short-PURLs Omit all qualifiers from PackageURLs.
This causes information loss in trade-off shorter PURLs, which might improve ingesting these strings.
(default: false)
--spec-version <version> Which version of CycloneDX spec to use.
(choices: "1.2", "1.3", "1.4", "1.5", default: "1.4")
This causes information loss in trade-off shorter PURLs, which might improve ingesting these strings. (default: false)
--spec-version <version> Which version of CycloneDX spec to use. (choices: "1.2", "1.3", "1.4", "1.5", "1.6", default: "1.4")
--output-reproducible Whether to go the extra mile and make the output reproducible.
This requires more resources, and might result in loss of time- and random-based-values.
(env: BOM_REPRODUCIBLE)
--output-format <format> Which output format to use.
(choices: "JSON", "XML", default: "JSON")
This requires more resources, and might result in loss of time- and random-based-values. (env: BOM_REPRODUCIBLE)
--output-format <format> Which output format to use. (choices: "JSON", "XML", default: "JSON")
--output-file <file> Path to the output file.
Set to "-" to write to STDOUT.
(default: write to STDOUT)
--validate Validate resulting BOM before outputting. Validation is skipped, if requirements not met.
(default: true)
Set to "-" to write to STDOUT. (default: write to STDOUT)
--validate Validate resulting BOM before outputting. Validation is skipped, if requirements not met. See the README.
--no-validate Disable validation of resulting BOM.
--mc-type <type> Type of the main component.
(choices: "application", "firmware", "library", default: "application")
-v, --verbose Increase the verbosity of messages.
Use multiple times to increase the verbosity even more.
--mc-type <type> Type of the main component. (choices: "application", "firmware", "library", default: "application")
-v, --verbose Increase the verbosity of messages. Use multiple times to increase the verbosity even more.
-V, --version output the version number
-h, --help display help for command
```
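Review bot: the replacement `--validate` line drops the "(default: true)" that the earlier two-line form stated and now ends with "See the README.", which points back at the file this text sits in. From this block alone a reader can no longer tell that validation is on unless `--no-validate` is passed. Suggest keeping the default on that line, or pointing at the specific README section that describes the validation requirements. In the `--omit` line, "installation tree.(can be set multiple times)" is missing a space after the period. The title only mentions adding CycloneDX 1.6, but the hunk also reflows every option description onto a single line; if the block is pasted from the tool's `--help` output, say so in the description so the reflow is easy to check. `--spec-version` gains "1.6" as a choice while the default stays "1.4", which is worth confirming as intended.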