Commit cb19d12

Update docs
Signed-off-by: Prabhu Subramanian <[email protected]>
1 parent b704676 commit cb19d12

5 files changed

+32
-27
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ deno install --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryIn
8484

8585
You can also use the cdxgen container image with node, deno, or bun runtime versions.
8686

87-
The default version uses Node.js 22
87+
The default version uses Node.js 23
8888

8989
```bash
9090
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen:master -r /app -o /app/bom.json
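
Review bot: the hard-coded runtime number on line 87 is the thing that went stale here: the base-images table already said "Node 23 runtime" before this commit while this file still said 22. Consider dropping the number and pointing to the table in ci/base-images/README.md, so the two files cannot drift again. The new sentence also lacks a closing period. Separately, the example just below still pulls `ghcr.io/cyclonedx/cdxgen:master`, while the base-images README advises a release tag or sha256 hash; a short cross-reference to that advice would fit here.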

ci/base-images/README.md

Lines changed: 25 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -6,30 +6,31 @@ Custom language specific base images contributed by AppThreat from this [repo](h
66

77
Below table summarizes all available container image versions. These images include additional language-specific build tools and development libraries to enable automatic restore and build operations.
88

9-
| Language | Version | Container Image Tags | Comments |
10-
| -------- | ---------------------------- | --------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
11-
| Java | 23 | ghcr.io/cyclonedx/cdxgen:master | Default all-in-one container image with all the latest and greatest tools with Node 23 runtime. |
12-
| Java | 23 | ghcr.io/cyclonedx/cdxgen-deno:master | Default all-in-one container image with all the latest and greatest tools with deno runtime. |
13-
| Java | 11 | ghcr.io/cyclonedx/cdxgen-java11-slim:v11, ghcr.io/cyclonedx/cdxgen-java11:v11 | Java 11 version with and without Android 33 SDK. |
14-
| Java | 17 | ghcr.io/cyclonedx/cdxgen-java17-slim:v11, ghcr.io/cyclonedx/cdxgen-java17:v11 | Java 17 version with and without Android 34 SDK. |
15-
| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net Framework |
16-
| Dotnet | .Net Core 2.1, 3.1, .Net 5.0 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | Invoke with --platform=linux/amd64 for better compatibility. |
17-
| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net 6 |
18-
| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7 |
19-
| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8 |
20-
| Dotnet | .Net 9 | ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11, ghcr.io/cyclonedx/cdxgen-dotnet9:v11 | .Net 9 |
21-
| Python | 3.6 | ghcr.io/cyclonedx/cdxgen-python36:v11 | No dependency tree |
22-
| Python | 3.9 | ghcr.io/cyclonedx/cdxgen-python39:v11 | |
23-
| Python | 3.10 | ghcr.io/cyclonedx/cdxgen-python310:v11 | |
24-
| Python | 3.11 | ghcr.io/cyclonedx/cdxgen-python311:v11 | |
25-
| Python | 3.12 | ghcr.io/cyclonedx/cdxgen-python312:v11 | |
26-
| Node.js | 20 | ghcr.io/cyclonedx/cdxgen-node20:v11 | Use `--platform=linux/amd64` in case of `npm install` errors. |
27-
| Node.js | 23 | ghcr.io/cyclonedx/cdxgen:master | Supports automatic node installation. Example: Pass `-t node20` to install node 20. |
28-
| Ruby | 3.3.6 | ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 | Supports automatic Ruby installation for 3.3.x. Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1. |
29-
| Ruby | 3.4.1 | ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 | Supports automatic Ruby installation for 3.4.x. Example: Pass `-t ruby3.4.0` to install Ruby 3.4.0. |
30-
| Ruby | 2.5.0 | ghcr.io/cyclonedx/cdxgen-ruby25:v11 | Supports automatic Ruby installation for 2.5.x. Example: Pass `-t ruby2.5.1` to install Ruby 2.5.1. |
31-
| Ruby | 2.6.10 | ghcr.io/cyclonedx/cdxgen-debian-ruby26:v11 | Supports automatic Ruby installation for 2.6.x. Example: Pass `-t ruby2.6.1` to install Ruby 2.6.1. |
32-
| Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. |
9+
| Language | Version | Container Image Tags | Comments |
10+
| -------- | ---------------------------- | --------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
11+
| Java | 23 | ghcr.io/cyclonedx/cdxgen:master | Default all-in-one container image with all the latest and greatest tools with Node 23 runtime. Permission model is opt-in. |
12+
| Java | 23 | ghcr.io/cyclonedx/cdxgen-deno:master | Default all-in-one container image with all the latest and greatest tools with deno runtime. Uses deno permissions model by default. |
13+
| Java | 23 | ghcr.io/cyclonedx/cdxgen-secure:master | Secure all-in-one container image with all the latest and greatest tools with Node 23 runtime. Uses Node.js permissions model by default. |
14+
| Java | 11 | ghcr.io/cyclonedx/cdxgen-java11-slim:v11, ghcr.io/cyclonedx/cdxgen-java11:v11 | Java 11 version with and without Android 33 SDK. |
15+
| Java | 17 | ghcr.io/cyclonedx/cdxgen-java17-slim:v11, ghcr.io/cyclonedx/cdxgen-java17:v11 | Java 17 version with and without Android 34 SDK. |
16+
| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net Framework |
17+
| Dotnet | .Net Core 2.1, 3.1, .Net 5.0 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | Invoke with --platform=linux/amd64 for better compatibility. |
18+
| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net 6 |
19+
| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7 |
20+
| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8 |
21+
| Dotnet | .Net 9 | ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11, ghcr.io/cyclonedx/cdxgen-dotnet9:v11 | .Net 9 |
22+
| Python | 3.6 | ghcr.io/cyclonedx/cdxgen-python36:v11 | No dependency tree |
23+
| Python | 3.9 | ghcr.io/cyclonedx/cdxgen-python39:v11 | |
24+
| Python | 3.10 | ghcr.io/cyclonedx/cdxgen-python310:v11 | |
25+
| Python | 3.11 | ghcr.io/cyclonedx/cdxgen-python311:v11 | |
26+
| Python | 3.12 | ghcr.io/cyclonedx/cdxgen-python312:v11 | |
27+
| Node.js | 20 | ghcr.io/cyclonedx/cdxgen-node20:v11 | Use `--platform=linux/amd64` in case of `npm install` errors. |
28+
| Node.js | 23 | ghcr.io/cyclonedx/cdxgen:master | Supports automatic node installation. Example: Pass `-t node20` to install node 20. |
29+
| Ruby | 3.3.6 | ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 | Supports automatic Ruby installation for 3.3.x. Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1. |
30+
| Ruby | 3.4.1 | ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 | Supports automatic Ruby installation for 3.4.x. Example: Pass `-t ruby3.4.0` to install Ruby 3.4.0. |
31+
| Ruby | 2.5.0 | ghcr.io/cyclonedx/cdxgen-ruby25:v11 | Supports automatic Ruby installation for 2.5.x. Example: Pass `-t ruby2.5.1` to install Ruby 2.5.1. |
32+
| Ruby | 2.6.10 | ghcr.io/cyclonedx/cdxgen-debian-ruby26:v11 | Supports automatic Ruby installation for 2.6.x. Example: Pass `-t ruby2.6.1` to install Ruby 2.6.1. |
33+
| Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. |
3334

3435
Replace `:v11` with a release version tag or sha256 hash for fine-grained control over the image tag.
3536
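
Review bot: the new Comments text on lines 11 to 13 introduces three permission behaviours ("Permission model is opt-in", "Uses deno permissions model by default", "Uses Node.js permissions model by default") without saying how a user opts in on the `cdxgen:master` image or which permissions the `cdxgen-secure` image grants. Add a sentence or link under the table that documents both, and settle on one spelling ("permission model" or "permissions model"). The pinning advice after the table only mentions `:v11`, yet the new secure image is published as `:master`; say explicitly that `:master` images should be pinned by sha256 digest. Re-padding every row to widen one column makes a one-row addition show up as 25 additions and 24 deletions, which hides the real change from reviewers.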

contrib/cdxgenGPT/README.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,8 @@ You are 'cdxgen', an application security expert specializing in Bill-of-Materia
1414
**Purpose and Goals:**
1515
1616
- Assist users with understanding and utilizing BOMs (e.g., SBOM, CBOM, OBOM, SaaSBOM, ML-BOM) for software component analysis.
17-
- Provide guidance on handling Vulnerability Disclosure Reports (VDR) and Vulnerability Exploitability Exchange (VEX) data.
1817
- Recommend CycloneDX Generator (cdxgen) and OWASP depscan where relevant, as indicated by the provided data.
18+
- Do not to provide additional suggestions or follow-ups after your response.
1919
2020
**Behaviors and Rules:**
2121
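
Review bot: added line 18 reads "Do not to provide additional suggestions"; drop the stray "to". The instruction is also a behaviour rule rather than a purpose, so it belongs under "Behaviors and Rules", and it sits directly beneath "Recommend CycloneDX Generator (cdxgen) and OWASP depscan where relevant", which could be read as the kind of suggestion it forbids; state which takes precedence. The removal of the VDR/VEX guidance bullet narrows the assistant's stated scope, and "Update docs" does not explain why; note the reason in the commit message or the README.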
@@ -40,7 +40,8 @@ You are 'cdxgen', an application security expert specializing in Bill-of-Materia
4040
- Before responding to questions about supported languages and frameworks, first consult the PROJECT_TYPES.md file for a direct match and base your answer only on that information.
4141
- Where a language or a framework is currently NOT supported by cdxgen, steer the user towards creating a "Premium Issue" in the cdxgen repo using the provided "GitHub Issues" link.
4242
- Do not create examples or unrelated data if not available in the uploaded JSON files or knowledge files.
43-
- If the user’s question is too complex or unclear regarding specifications, direct them to the Slack channel via the provided "Slack Invite" link.
43+
- If the user's question is too complex or unclear regarding specifications, direct them to the Slack channel via the provided "Slack Invite" link.
44+
- Share your thinking in a line or two at the top of your response, where appropriate.
4445
4546
4. **Image Generation:**
4647
- When requested to visualize the BOM, use attributes like "dependencies," "components," and "services" to produce hierarchical diagrams or trees.
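
Review bot: on added line 44, "where appropriate" gives the model no criterion for when to share its thinking, and nothing ties that thinking to the grounding rules two lines above ("Do not create examples or unrelated data if not available in the uploaded JSON files or knowledge files"). Spell out when the summary is wanted and require it to follow the same grounding rule, so it does not become a channel for unsupported statements. The change on line 43 only swaps a curly apostrophe for a straight one; fine to keep, but it is unrelated to the new rule and would read more cleanly as its own change.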

contrib/cdxgenGPT/cdxgen-for-bots.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,8 @@ Many BOM generation tools exist. cdxgen stands out due to its focus on:
99
1. **Explainability**
1010

1111
- _Package manifest evidence_: Stored under `components.properties` with the name `SrcFile`.
12+
- _Workspace references for monorepos_: Stored under `components.properties` with the name `internal:workspaceRef`. Supported for pnpm and uv workspaces.
13+
- _Registry information_: Stored under `components.properties` with the name ending with `:registry`. Example: `cdx:pypi:registry`, `cdx:pub:registry`.
1214
- _Identity evidence_: Found under `components.evidence.identity`.
1315
- _Occurrences evidence_: Tracked under `components.evidence.occurrences`.
1416
- _Callstack evidence_: Only one callstack is retained in the generated document (due to CycloneDX limitations) under `components.evidence.callstack`.
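
Review bot: on added line 13, "the name ending with `:registry`" describes a suffix match, but both examples share the form `cdx:<ecosystem>:registry`. Document the full pattern so a consumer can match on it exactly; a bare suffix match would also accept a `:registry` property written by another tool. Neither new bullet says what the property value holds (a URL, a workspace name, a path), and line 12 uses an `internal:` prefix while line 13 uses `cdx:` with no explanation of the difference. One sentence on each would let a bot interpret these properties without guessing.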

contrib/cdxgenGPT/rate-my-xbom.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ Use this document to help an AI agent review and provide feedback on CycloneDX B
88
- **metadata.tools.components**: Lists tools used to create/enrich the BOM. If empty, suggest **cdxgen**. If multiple, acknowledge and highlight.
99
- **metadata.manufacturer** or **metadata.authors**: Identifies the creator (organization or author).
1010
- **metadata.licenses**: License info for third-party sharing.
11+
- **specVersion**: If the specVersion is less than 1.5, encourage the user to use the latest version of cdxgen and Dependency-Track, and upgrade to CycloneDX version 1.5 or 1.6.
1112

1213
## 2. Components Accuracy
1314
- **components**: Must define `type` (e.g., "application", "library", "framework", etc.).
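
Review bot: added line 11 only covers a `specVersion` "less than 1.5" and does not say what the agent should do when the field is absent or unparseable; add that case, since a BOM without a usable `specVersion` is the more serious finding. The bullet is placed after three `metadata.*` entries although `specVersion` is a top-level field of the BOM, so consider moving it to the head of the list or noting its location. Dependency-Track appears here for the first time in this file with no context; a short clause on why upgrading it matters for 1.5/1.6 BOMs would help the agent explain the recommendation.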
