Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] Add support for CycloneDX output to the info command #9787

Closed
1 task done
coderpatros opened this issue Oct 13, 2021 · 3 comments · Fixed by conan-io/conan-extensions#66
Closed
1 task done

[feature] Add support for CycloneDX output to the info command #9787

coderpatros opened this issue Oct 13, 2021 · 3 comments · Fixed by conan-io/conan-extensions#66
Assignees
@memsharded
Labels
type: feature
Milestone
2.X

Comments

@coderpatros
Copy link

Hi, full disclosure, I work on the OWASP CycloneDX software bill of materials project https://cyclonedx.org/.

A software bill of materials, in a very basic sense, is a list of all the components that make up a piece of assembled software.

The current output of the info command provides this information.

But that output format is specific to the Conan ecosystem. CycloneDX is an ecosystem agnostic format.

Having this information in a standard format helps with a number of use cases. Identifying components with known vulnerabilities, OSS license compliance, and supply chain component analysis, as examples. Especially in organisations that are building software in multiple ecosystems.

I had been planning to implement a specific tool to do this. But after digging into it, I think it might be better to add it as an additional output format for the info command. Perhaps a --cyclonedx-json option?

If this is something you'd accept a PR for let me know and I'll start working on the implementation and tests.
@memsharded memsharded self-assigned this Oct 13, 2021
@memsharded memsharded added this to the 2.X milestone Oct 13, 2021
@memsharded
Copy link
Member

Hi @coderpatros

This looks interesting, and we are willing to accept contributions for this. But right now we are moving fast from 1.X => 2.0, it won't make sense to duplicate the effort, all the interfaces, APIs, etc are being re-designed.

Lets follow up when the Conan 2.0 python api is at least there (will be in a few months, while beta stage), to implement this. Thanks for offering to contribute it!

@coderpatros
Copy link
Author

Thanks @memsharded, sounds good to me.

@memsharded
Copy link
Member

#14405 is proposing support for this

@memsharded memsharded mentioned this issue Aug 1, 2023
Closed
5 tasks
@jkowalleck jkowalleck mentioned this issue Aug 2, 2023
Open
@hedtke hedtke mentioned this issue Aug 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@memsharded memsharded

Labels
type: feature
Projects
None yet
Milestone
2.X
Development

Successfully merging a pull request may close this issue.

Add new command sbom:cyclonedx
Add format 'cyclonedx' as output format for the graph command
2 participants
@coderpatros @memsharded