CLI Commands
cnspec sbom
Generate a software bill of materials (SBOM) for a given asset.
Generate a software bill of materials (SBOM) for a given asset. The SBOM is a representation of the asset's software components and their dependencies. This command is experimental and may change in the future.
cnspec sbom localGenerate an SBOM in CycloneDX JSON format:
cnspec sbom local -o cyclonedx-jsonGenerate an SBOM for a container image:
cnspec sbom container IMAGE_NAMEGenerate an SBOM for a remote system:
cnspec sbom ssh user@HOSTThe following output formats are supported:
- list (default)
- cnquery-json
- cyclonedx-json
- cyclonedx-xml
- spdx-json
- spdx-tag-value
Options
--annotation stringToString Add an annotation to the asset (default [])
--asset-name string User-override for the asset name
--discover strings Enable the discovery of nested assets. Supports: all, auto, container, container-images
-h, --help help for sbom
-o, --output string Set output format: json, cyclonedx-json, cyclonedx-xml, spdx-json, spdx-tag-value, table (default "list")
--output-target string Set output target to which the SBOM report will be written
--record string Record all resource calls and use resources in the recording
--sudo Elevate privileges with sudo
--use-recording string Use a recording to inject resource data (read-only)
--with-cpes Generate CPEs for each component
--with-evidence Include evidence for each componentOptions inherited from parent commands
--api-proxy string Set the proxy for communications with Mondoo Platform API
--auto-update Enable automatic provider installation and update (default true)
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set the log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose outputSEE ALSO
- cnspec - cnspec CLI