nedap / swift-package-sbom

A software bill of materials (SBoM) generator for Swift packages

Bring project back to life #1

Open martias opened 1 year ago

martias commented 1 year ago

I will use this epic as a way to gather all the information related to this project

martias commented 1 year ago

This command is used to show the dependencies of a Package.swift

    swift package show-dependencies --format json
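An added example, not part of this thread or of swift-package-sbom's own code: flattening the nested JSON tree from the command above into a minimal CycloneDX document, deduplicating packages that appear more than once and listing dependencies that cannot be given a `pkg:swift` purl. The field names (`identity`, `name`, `url`, `version`, `dependencies`), the `unspecified` version marker and all sample packages are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample, assumed to match `swift package show-dependencies --format json`.
SAMPLE = json.loads("""
{"identity": "demo-app", "name": "DemoApp", "url": "/work/demo-app",
 "version": "unspecified", "dependencies": [
  {"identity": "lib-a", "name": "LibA", "version": "1.2.0",
   "url": "https://example.com/acme/lib-a.git", "dependencies": [
    {"identity": "lib-core", "name": "LibCore", "version": "0.9.1",
     "url": "https://example.com/acme/lib-core", "dependencies": []}]},
  {"identity": "lib-core", "name": "LibCore", "version": "0.9.1",
   "url": "https://example.com/acme/lib-core", "dependencies": []},
  {"identity": "local-tools", "name": "LocalTools", "version": "unspecified",
   "url": "/work/local-tools", "dependencies": []}]}
""")

def ref_of(node):
    return node.get("identity") or node["name"]  # fall back if identity is absent

def purl(node):
    # pkg:swift purl for remote, versioned packages; None for local or unversioned ones
    u = urlparse(node["url"])
    if u.scheme not in ("http", "https") or node["version"] == "unspecified":
        return None
    path = u.path.strip("/")
    path = path[:-4] if path.endswith(".git") else path
    return f"pkg:swift/{u.netloc}/{path}@{node['version']}"

def to_cyclonedx(root):
    components, edges, unpinned = {}, {}, []
    def walk(node):
        ref = ref_of(node)
        if ref in edges:  # shared packages repeat in the tree; record each once
            return
        edges[ref] = sorted({ref_of(d) for d in node["dependencies"]})
        if node is not root:
            comp = {"type": "library", "bom-ref": ref, "name": node["name"], "version": node["version"]}
            if purl(node):
                comp["purl"] = purl(node)
            else:
                unpinned.append(ref)  # no purl: cannot be matched to advisories by identifier
            components[ref] = comp
        for dep in node["dependencies"]:
            walk(dep)
    walk(root)
    meta = {"component": {"type": "application", "bom-ref": ref_of(root), "name": root["name"]}}
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "metadata": meta,
            "components": list(components.values()),
            "dependencies": [{"ref": r, "dependsOn": d} for r, d in edges.items()]}, unpinned
```

`to_cyclonedx(SAMPLE)` returns the BOM dictionary together with the list of references that have no purl, which is the set a reviewer would need to track by hand.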

martias commented 1 year ago

Woohoo, did it!!! Cloned swift-tools-support-core locally and added the following line to the Package.swift dependencies:

    .package(path: "../swift-tools-support-core"),

generated the following script swift-package-list.zip

which can be used with

    swift-package-sbom generate > report.json

martias commented 1 year ago

This script gets the list of SPM dependencies in a project

https://github.com/FelixHerrmann/swift-package-list

generate the following script swift-package-list.zip

which can be used with

    ./swift-package-list .xcodeproj

stevespringett commented 1 year ago

Fantastic that you’re reviving this project. If you have questions on CycloneDX, please let me know. There’s also a great community on our Slack as well. Once released, let me know and we can update the Tool Center.

martias commented 1 year ago

Thanks @stevespringett! I will be working on this with our security team. When I have something working I will let you know.

martias commented 1 year ago

With the update to Swift 5.7.2 it is no longer necessary to have swift-tools-support-core as local 🥳 b697d01029a0651ecb1b8f19627c2ac056705d3a