CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server.
https://cyclonedx.github.io/cdxgen/
Apache License 2.0

Integration with 3rd party SCA platforms #595

Open prabhu opened 12 months ago

prabhu commented 12 months ago

Currently, cdxgen supports submitting the generated SBOM to the Dependency Track server. Could this be extended to support additional commercial and open source platforms to simplify integration?

We are happy to consider pull requests.

sahil3112 commented 11 months ago

Hi @prabhu, other than Dependency Track, please list some other commercial and open source platforms. If the platform provides an API to input an SBOM like DT, then we can do that.

prabhu commented 11 months ago

@sahil3112 we can accept platforms that support securely sharing and distributing SBOMs as well.