cnspec sbom

Generate a software bill of materials (SBOM) for a given asset. The SBOM is a representation of the asset's software components and their dependencies. This command is experimental and may change in the future.

cnspec sbom local

Generate an SBOM in CycloneDX JSON format:

cnspec sbom local -o cyclonedx-json

Generate an SBOM for a container image:

cnspec sbom container IMAGE_NAME

Generate an SBOM for a remote system:

cnspec sbom ssh user@HOST

The following output formats are supported:

  • list (default)
  • cnquery-json
  • cyclonedx-json
  • cyclonedx-xml
  • spdx-json
  • spdx-tag-value
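
An added example (not part of the cnspec documentation): one way to use the cyclonedx-json output is to diff two SBOMs of the same asset and report component drift. It assumes the standard CycloneDX `components` array with `name`, `version` and optional `purl` fields; both documents below are constructed samples, and the function names are hypothetical.

```python
import json

# Constructed CycloneDX documents standing in for two runs of
# `cnspec sbom container IMAGE_NAME -o cyclonedx-json` (trimmed to the fields used).
BASELINE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "openssl", "version": "3.0.11-1",
   "purl": "pkg:deb/debian/openssl@3.0.11-1?arch=amd64"},
  {"type": "library", "name": "curl", "version": "7.88.1-10",
   "purl": "pkg:deb/debian/curl@7.88.1-10?arch=amd64"},
  {"type": "library", "name": "bash", "version": "5.2.15-2"}
]}""")
CURRENT = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "openssl", "version": "3.0.13-1",
   "purl": "pkg:deb/debian/openssl@3.0.13-1?arch=amd64"},
  {"type": "library", "name": "bash", "version": "5.2.15-2"},
  {"type": "library", "name": "netcat-openbsd", "version": "1.219-1",
   "purl": "pkg:deb/debian/netcat-openbsd@1.219-1?arch=amd64"}
]}""")


def component_key(comp):
    """Version-independent identity: purl minus version/qualifiers, else type:name."""
    purl = comp.get("purl")
    if purl:
        # Drop qualifiers (?...), subpath (#...), then the trailing @version.
        return purl.split("?", 1)[0].split("#", 1)[0].rsplit("@", 1)[0]
    return f"{comp.get('type', 'unknown')}:{comp.get('name', '')}"


def index_components(bom):
    """Map each component key to its version; reject non-CycloneDX input."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {component_key(c): c.get("version", "") for c in bom.get("components", [])}


def diff_sboms(old_bom, new_bom):
    """Return components added, removed, or changed in version between two SBOMs."""
    old, new = index_components(old_bom), index_components(new_bom)
    common = sorted(old.keys() & new.keys())
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": {k: (old[k], new[k]) for k in common if old[k] != new[k]},
    }


if __name__ == "__main__":
    print(json.dumps(diff_sboms(BASELINE, CURRENT), indent=2))
```
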

Options

      --annotation stringToString   Add an annotation to the asset (default [])
      --asset-name string           User-override for the asset name
      --discover strings            Enable the discovery of nested assets. Supports: all, auto, container, container-images
  -h, --help                        help for sbom
  -o, --output string               Set output format: json, cyclonedx-json, cyclonedx-xml, spdx-json, spdx-tag-value, table (default "list")
      --output-target string        Set output target to which the SBOM report will be written
      --record string               Record all resource calls and use resources in the recording
      --sudo                        Elevate privileges with sudo
      --use-recording string        Use a recording to inject resource data (read-only)
      --with-cpes                   Generate CPEs for each component
      --with-evidence               Include evidence for each component

Options inherited from parent commands

      --api-proxy string   Set the proxy for communications with Mondoo Platform API
      --auto-update        Enable automatic provider installation and update (default true)
      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string   Set the log level: error, warn, info, debug, trace (default "info")
  -v, --verbose            Enable verbose output
