
Add SBOMHub CLI #86

Open
youichi-uda wants to merge 1 commit into CycloneDX:main from youichi-uda:add-sbomhub-cli

Conversation

@youichi-uda

Summary

  • Add SBOMHub CLI to the Tool Center
  • SBOMHub CLI is a Go-based CLI tool that wraps Syft, Trivy, and cdxgen
  • Generates SBOMs (CycloneDX/SPDX) and uploads to SBOMHub
  • Supports vulnerability scanning via check command

Tool Information

Capabilities

  • SBOM generation (wrapping Syft/Trivy/cdxgen)
  • SBOM upload to SBOMHub
  • Vulnerability analysis
  • CI/CD integration support

🤖 Generated with Claude Code
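The two halves of the wrapper described above (hand the target to a generator, then check what comes back before uploading it) as an added example. This is illustrative code written for this page, not SBOMHub CLI's own source; it builds the argv but does not exec anything, so it runs offline. The generator flags are the documented ones for syft, trivy and cdxgen; the sample BOM is constructed, and the function names are my own.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Generator names one of the wrapped SBOM generators.
type Generator string

const (
	Syft   Generator = "syft"
	Trivy  Generator = "trivy"
	Cdxgen Generator = "cdxgen"
)

// GeneratorArgs builds the argv a wrapper would hand to exec.Command for the
// chosen generator and output format ("cyclonedx" or "spdx"). The argv is meant
// to be executed directly, never via a shell, and a target that looks like a
// flag is rejected so a user-supplied path cannot smuggle options into the
// generator (argument injection).
func GeneratorArgs(g Generator, format, target string) ([]string, error) {
	if target == "" || strings.HasPrefix(target, "-") {
		return nil, fmt.Errorf("refusing target %q: empty or flag-like", target)
	}
	switch g {
	case Syft:
		out := map[string]string{"cyclonedx": "cyclonedx-json", "spdx": "spdx-json"}[format]
		if out == "" {
			return nil, fmt.Errorf("syft: unsupported format %q", format)
		}
		return []string{"syft", target, "-o", out}, nil
	case Trivy:
		out := map[string]string{"cyclonedx": "cyclonedx", "spdx": "spdx-json"}[format]
		if out == "" {
			return nil, fmt.Errorf("trivy: unsupported format %q", format)
		}
		return []string{"trivy", "fs", "--format", out, target}, nil
	case Cdxgen:
		// cdxgen emits CycloneDX only; an SPDX request must fail loudly rather
		// than silently upload the wrong format.
		if format != "cyclonedx" {
			return nil, fmt.Errorf("cdxgen: unsupported format %q", format)
		}
		return []string{"cdxgen", "-o", "bom.json", target}, nil
	}
	return nil, fmt.Errorf("unknown generator %q", g)
}

type cdxComponent struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	PURL    string `json:"purl"`
}

type cdxBOM struct {
	BOMFormat   string         `json:"bomFormat"`
	SpecVersion string         `json:"specVersion"`
	Components  []cdxComponent `json:"components"`
}

// CheckBOM parses generator output before upload and returns the component
// count plus the names of components that carry no purl (a component without a
// purl cannot be matched against vulnerability data downstream). Output that is
// not CycloneDX or lacks a specVersion is an error: uploading it would only move
// a broken document into the inventory.
func CheckBOM(data []byte) (int, []string, error) {
	var bom cdxBOM
	if err := json.Unmarshal(data, &bom); err != nil {
		return 0, nil, err
	}
	if bom.BOMFormat != "CycloneDX" {
		return 0, nil, fmt.Errorf("bomFormat is %q, expected CycloneDX", bom.BOMFormat)
	}
	if bom.SpecVersion == "" {
		return 0, nil, errors.New("missing specVersion")
	}
	var missing []string
	for _, c := range bom.Components {
		if c.PURL == "" {
			missing = append(missing, c.Name)
		}
	}
	return len(bom.Components), missing, nil
}

// SampleBOM is a constructed CycloneDX document, not real generator output.
const SampleBOM = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
    {"type": "library", "name": "leftpad", "version": "0.0.1"}
  ]
}`

func main() {
	args, _ := GeneratorArgs(Syft, "cyclonedx", "./app")
	fmt.Println("would exec:", strings.Join(args, " "))
	n, missing, err := CheckBOM([]byte(SampleBOM))
	fmt.Println(n, "components; missing purl:", missing, "err:", err)
}
```

The point of the pre-upload check is that a wrapper inherits whatever its generators emit; refusing a document that is not CycloneDX (or, for SPDX, running the equivalent check on the SPDX fields) keeps a misconfigured generator from polluting the inventory the vulnerability check later reads.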

@youichi-uda youichi-uda requested a review from a team as a code owner February 3, 2026 05:01
Member

@jkowalleck jkowalleck left a comment


Since the tool is a wrapper for syft, trivy, cdxGen, it should basically be the same feature set as these are, right?

Unfortunately, these tools were added with not much care and might have wrong claims or properties ...

I am intrigued to let the same wrong claims be copied here.
Therefore, I am okay with the proposed data.

"OSI_APPROVED"
],
"functions": [
"AUTHOR",
Member


https://cyclonedx.github.io/tool-center/tool.html#tool_functions

Tools that human authors can use to create CycloneDX BOMs.

This is a CLI, right?
So it will generate the SBOM for you. It is not for humans to write the SBOM, right?

If so, please remove the AUTHOR

Author


You're right. SBOMHub CLI auto-generates SBOMs by wrapping generators (Syft, Trivy, cdxgen). It's not a tool for humans to manually author BOMs. Removed AUTHOR. Thank you!

],
"functions": [
"AUTHOR",
"ANALYSIS",
Member


This tool is a wrapper for SBOM generators. It does not analyse SBOMs, right?

Author


Correct, it wraps SBOM generators and vulnerability scanners. It doesn't perform analysis itself. Removed ANALYSIS and the corresponding section. Thank you for the review!

A CLI tool that wraps Syft, Trivy, and cdxgen to generate SBOMs and
upload them to SBOMHub.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Youichi Uda <youichi.uda@gmail.com>