NAME

cpan-sbom - CPAN SBOM (Software Bill of Materials) generator

SYNOPSIS

cpan-sbom --distribution NAME@VERSION
cpan-sbom --meta (META|MYMETA).(json|yml)

cpan-sbom --project-directory DIRECTORY [ --project-name NAME --project-version VERSION --project-description TEXT
                                          --project-license SPDX-LICENSE --project-type BOM-TYPE
                                          --project-author STRING [--project-author STRING] ]

cpan-sbom [--help|--man|-v]

Options:
  -o, --output                          Output file (default: bom.json)

      --distribution NAME@VERSION       Distribution name and version
      --meta                            META or MYMETA file

      --project-directory NAME          Project directory
      --project-meta                    Project META or MYMETA file (alias of --meta)
      --project-type BOM-TYPE           Project type (default: library)
      --project-name NAME               Project name (default: project directory name)
      --project-version VERSION         Project version
      --project-author STRING           Project author(s)
      --project-license SPDX-LICENSE    Project SPDX license
      --project-description TEXT        Project description                  

      --maxdepth=NUM                    Max depth (default: 1)
      --vulnerabilities                 Include Module/Distribution vulnerabilities
      --no-vulnerabilities

      --validate                        Validate the generated SBOM using JSON Schema (default: true)
      --no-validate

      --list-spdx-licenses              List SPDX licenses

      --debug                           Enable debug messages

      --help                            Brief help message
      --man                             Full documentation
  -v, --version                         Print version

OWASP Dependency Track options:
      --server-url URL                  Dependency Track URL (Env: $DTRACK_URL)
      --api-key STRING                  API-Key (Env: $DTRACK_API_KEY)
      --skip-tls-check                  Disable SSL/TLS check (Env: $DTRACK_SKIP_TLS_CHECK)
      --project-id STRING               Project ID (Env: $DTRACK_PROJECT_ID)
      --project-name NAME               Project name (Env: $DTRACK_PROJECT_NAME)
      --project-version VERSION         Project version (Env: $DTRACK_PROJECT_VERSION)
      --parent-project-id STRING        Parent project ID (Env: $DTRACK_PARENT_PROJECT_ID)

DESCRIPTION

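cpan-sbom generates an SBOM (Software Bill of Materials) for CPAN distributions. It reads a distribution name and version, a META or MYMETA file, or a project directory, writes the result to bom.json by default, and can upload it to OWASP Dependency Track.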

EXAMPLES

Create SBOM of specific distribution:

$ cpan-sbom --distribution libwww-perl@6.78

Create SBOM from META file:

$ cpan-sbom --meta META.json

Create SBOM from your project directory:

$ cpan-sbom \
    --project-directory . \
    --project-name "My Cool Application" \
    --project-type application \
    --project-version 1.337 \
    --project-license Artistic-2.0 \
    --project-author "Larry Wall <larry@wall.org>"

Create SBOM file and upload to OWASP Dependency Track:

$ cpan-sbom \
  --meta META.json \
  --server-url https://dtrack.example.com \
  --api-key DTRACK-API-KEY \
  --project-id DTRACK-PROJECT-ID
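
Upload with the API key kept off the command line (added example, not part of the cpan-sbom distribution). It assumes the DTRACK_* variables listed under "OWASP Dependency Track options" are read in place of the corresponding flags; dtrack_preflight and upload_sbom are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of cpan-sbom. Assumes the DTRACK_* variables from
# "OWASP Dependency Track options" are honoured in place of the flags.

# Return 0 only if the upload settings are safe to use; print the reason otherwise.
dtrack_preflight() {
    for var in DTRACK_URL DTRACK_API_KEY DTRACK_PROJECT_ID; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "preflight: $var is not set" >&2
            return 1
        fi
    done
    # The API key is sent to this URL, so require TLS.
    case "$DTRACK_URL" in
        https://*) ;;
        *) echo "preflight: DTRACK_URL must use https://" >&2; return 1 ;;
    esac
    # Assumption: any non-empty value disables the SSL/TLS check.
    if [ -n "${DTRACK_SKIP_TLS_CHECK:-}" ]; then
        echo "preflight: DTRACK_SKIP_TLS_CHECK is set; refusing to upload" >&2
        return 1
    fi
    return 0
}

# Generate the SBOM from a META file and upload it. The API key travels in the
# environment, so it is absent from the argument list shown by ps and from
# shell history.
upload_sbom() {
    meta_file=${1:-META.json}
    [ -r "$meta_file" ] || { echo "upload_sbom: cannot read $meta_file" >&2; return 1; }
    dtrack_preflight || return 1
    export DTRACK_URL DTRACK_API_KEY DTRACK_PROJECT_ID
    cpan-sbom --meta "$meta_file" --vulnerabilities
}

# Usage (for example in a CI job where the variables come from the secret store):
#   upload_sbom META.json
```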

SEE ALSO

SBOM::CycloneDX

AUTHOR

Giuseppe Di Terlizzi

COPYRIGHT AND LICENSE

Copyright © 2025 Giuseppe Di Terlizzi

You may use and distribute this module according to the same terms that Perl is distributed under.