
cnquery sbom

Generate a software bill of materials (SBOM) for an asset, listing all software components and their dependencies. Use this to understand what's installed on an asset or to produce SBOM documents for compliance and supply chain security requirements. This command is experimental and may change in the future.

Supported output formats: list (default), cnquery-json, cyclonedx-json, cyclonedx-xml, spdx-json, and spdx-tag-value.

cnquery sbom local

Generate an SBOM in CycloneDX JSON format:

cnquery sbom local -o cyclonedx-json --output-target sbom.json

Generate an SBOM for a container image:

cnquery sbom docker image ubuntu:latest
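One way to use the cyclonedx-json output is to compare a newly generated file against an earlier one for the same asset and list what changed. This is an added example, not part of cnquery or its documentation. It assumes the standard CycloneDX JSON fields `bomFormat`, `components`, `purl`, `version` and `cpe`, and runs on constructed sample documents rather than real cnquery output.

```python
import json

def load_components(text):
    """Index the components of a CycloneDX JSON SBOM by version-less purl."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    inventory = {}
    for comp in doc.get("components", []):
        purl = comp.get("purl", "")
        # Drop qualifiers and version so an upgrade is one "changed" entry.
        key = purl.split("?", 1)[0].rsplit("@", 1)[0] if purl else comp.get("name", "")
        inventory[key] = comp
    return inventory

def diff_sboms(baseline_text, current_text):
    """Report component drift between two SBOMs of the same asset."""
    old, new = load_components(baseline_text), load_components(current_text)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted((k, old[k].get("version"), new[k].get("version"))
                          for k in old.keys() & new.keys()
                          if old[k].get("version") != new[k].get("version")),
        # Components with no CPE cannot be matched by CPE-based lookups.
        "no_cpe": sorted(k for k, c in new.items() if not c.get("cpe")),
    }

def _sample(components):
    """Build a constructed CycloneDX-shaped document (not real cnquery output)."""
    return json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": n, "version": v,
         "purl": f"pkg:deb/ubuntu/{n}@{v}", **({"cpe": cpe} if cpe else {})}
        for n, v, cpe in components]})

BASELINE = _sample([
    ("openssl", "3.0.2", "cpe:2.3:a:openssl:openssl:3.0.2:*:*:*:*:*:*:*"),
    ("bash", "5.1", None),
    ("curl", "7.81.0", "cpe:2.3:a:haxx:curl:7.81.0:*:*:*:*:*:*:*"),
])
CURRENT = _sample([
    ("openssl", "3.0.13", "cpe:2.3:a:openssl:openssl:3.0.13:*:*:*:*:*:*:*"),
    ("curl", "7.81.0", "cpe:2.3:a:haxx:curl:7.81.0:*:*:*:*:*:*:*"),
    ("netcat", "1.218", None),
])

if __name__ == "__main__":
    print(json.dumps(diff_sboms(BASELINE, CURRENT), indent=2))
```

To run it on real files, pass the contents of two files written with `--output-target` to `diff_sboms` in place of the constructed samples.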

Options

      --annotation stringToString   Add an annotation to the asset (default [])
      --asset-name string           Override the asset name
  -h, --help                        help for sbom
  -o, --output string               Set the output format: json, cyclonedx-json, cyclonedx-xml, spdx-json, spdx-tag-value, table (default "list")
      --output-target string        Set the output file for the SBOM report
      --sudo                        Elevate privileges with sudo
      --with-cpes                   Generate CPEs for each component
      --with-evidence               Include evidence for each component

Options inherited from parent commands

      --api-proxy string   Set the proxy for communications with Mondoo Platform API
      --auto-update        Enable automatic provider installation and update (default true)
      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string   Set the log level: error, warn, info, debug, trace (default "info")
  -v, --verbose            Enable verbose output
