xsharp.eu • SBOM generation for X# Solutions with cyclonedx-dotnet

SBOM generation for X# Solutions with cyclonedx-dotnet

Posted: Mon Nov 18, 2024 9:15 pm
by VR
Hi,

SBOM stands for Software Bill of Materials and is a standard file format for project dependencies. Cyclonedx-dotnet is a command-line tool that creates this file by extracting the information about all the NuGet packages in a .NET solution. Starting with version 4.1.0, X# projects are supported too.

This file can then be analyzed using tools like bomber (command-line tool) or DependencyTrack (web app) for known vulnerabilities.

Visual Studio also shows known vulnerabilities, but DependencyTrack is useful if you have many projects and want an overview of which projects are currently affected by known vulnerabilities. Additional benefits of DependencyTrack are that it continuously analyzes your dependencies and sends alerts if new vulnerabilities are detected.

Volkmar
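As an added example (not part of the post above, and not code from the cyclonedx-dotnet, bomber or DependencyTrack projects), the script below shows what the analysis step described in the post does with the generated file: it parses a CycloneDX JSON SBOM in the shape cyclonedx-dotnet writes for NuGet packages (one component per package with a `pkg:nuget/Name@Version` purl, and a `dependencies` graph whose refs are those purls), matches each package against a list of advisories with affected/fixed version ranges, and reports which component pulls the affected package in. Tools like bomber and DependencyTrack do the same matching against public vulnerability databases instead of a local list. The SBOM document, the package names and the advisory identifiers here are all constructed and fictitious. The SBOM itself would be produced with the tool, roughly `dotnet tool install --global CycloneDX` followed by `dotnet CycloneDX MySolution.sln -o ./sbom -j` (check `dotnet CycloneDX --help` for the current flags), which is assumed here rather than executed.

```python
"""Offline triage of a CycloneDX JSON SBOM (the format cyclonedx-dotnet emits).

Added example for the forum post; not part of cyclonedx-dotnet, bomber or
DependencyTrack. The SBOM text and the advisory list are constructed for the
example; package names and advisory ids are fictitious.
"""
import json
from urllib.parse import unquote

# Constructed SBOM in the shape cyclonedx-dotnet writes (bom-ref == purl for NuGet packages).
SAMPLE_SBOM = r'''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "version": 1,
  "metadata": {"component": {"type": "application", "name": "ExampleApp",
                             "version": "1.0.0", "bom-ref": "ExampleApp@1.0.0"}},
  "components": [
    {"type": "library", "name": "Contoso.Logging", "version": "2.3.1",
     "purl": "pkg:nuget/Contoso.Logging@2.3.1", "bom-ref": "pkg:nuget/Contoso.Logging@2.3.1"},
    {"type": "library", "name": "Contoso.Json", "version": "4.0.0",
     "purl": "pkg:nuget/Contoso.Json@4.0.0", "bom-ref": "pkg:nuget/Contoso.Json@4.0.0"},
    {"type": "library", "name": "Contoso.Http", "version": "1.9.5",
     "purl": "pkg:nuget/Contoso.Http@1.9.5", "bom-ref": "pkg:nuget/Contoso.Http@1.9.5"}
  ],
  "dependencies": [
    {"ref": "ExampleApp@1.0.0",
     "dependsOn": ["pkg:nuget/Contoso.Logging@2.3.1", "pkg:nuget/Contoso.Http@1.9.5"]},
    {"ref": "pkg:nuget/Contoso.Http@1.9.5", "dependsOn": ["pkg:nuget/Contoso.Json@4.0.0"]},
    {"ref": "pkg:nuget/Contoso.Logging@2.3.1", "dependsOn": []},
    {"ref": "pkg:nuget/Contoso.Json@4.0.0", "dependsOn": []}
  ]
}'''

# Constructed advisory feed: (package, first affected, first fixed, id). Entirely fictitious.
ADVISORIES = [
    ("Contoso.Json", "3.0.0", "4.0.2", "ADV-EXAMPLE-1"),
    ("Contoso.Logging", "1.0.0", "2.0.0", "ADV-EXAMPLE-2"),  # fixed before 2.3.1, so no hit
]


def parse_nuget_purl(purl):
    """Return (name, version) from a pkg:nuget/Name@Version purl, else None."""
    if not purl.startswith("pkg:nuget/"):
        return None
    rest = purl[len("pkg:nuget/"):].split("?", 1)[0].split("#", 1)[0]
    name, sep, version = rest.partition("@")
    if not sep or not version:
        return None
    return unquote(name), unquote(version)


def version_key(v):
    """Sortable key for NuGet versions: numeric release part, prerelease sorts below release."""
    release, sep, pre = v.partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in release.split("."))
    nums += (0,) * (4 - len(nums))  # pad 1.2 / 1.2.3 / 1.2.3.4 to equal length
    return nums + ((0, pre) if sep else (1, ""))


def load_components(sbom_text):
    """Parse the SBOM and map each bom-ref to its (name, version) for NuGet components."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    comps = {}
    for c in bom.get("components", []):
        parsed = parse_nuget_purl(c.get("purl", ""))
        if parsed:
            comps[c.get("bom-ref", c["purl"])] = parsed
    return bom, comps


def direct_dependents(bom, ref):
    """bom-refs that list `ref` in their dependsOn, i.e. who pulls this package in."""
    return sorted(d["ref"] for d in bom.get("dependencies", []) if ref in d.get("dependsOn", []))


def find_vulnerable(sbom_text, advisories=ADVISORIES):
    """Match every NuGet component against [first_affected, first_fixed) advisory ranges."""
    bom, comps = load_components(sbom_text)
    hits = []
    for ref, (name, version) in comps.items():
        vk = version_key(version)
        for pkg, lo, fixed, adv_id in advisories:
            if pkg.lower() == name.lower() and version_key(lo) <= vk < version_key(fixed):
                hits.append({"package": name, "version": version, "advisory": adv_id,
                             "fixed_in": fixed, "via": direct_dependents(bom, ref)})
    return sorted(hits, key=lambda h: (h["package"], h["advisory"]))


if __name__ == "__main__":
    for h in find_vulnerable(SAMPLE_SBOM):
        print(f"{h['package']} {h['version']} affected by {h['advisory']} "
              f"(fixed in {h['fixed_in']}), pulled in via {', '.join(h['via'])}")
```

The `via` field is the part worth keeping when you run this across many solutions: a transitive package flagged by an advisory is only actionable once you know which direct reference drags it in, and that is exactly what the `dependencies` graph in the SBOM records.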