v0.1.3

SBOM Artifacts

What are these files?

CycloneDX Software Bill of Materials (SBOM) generated by make sbom.

  • Prod SBOM from requirements/prod.txt; Dev SBOM from requirements/dev.txt (both via pip-audit --format cyclonedx-json).
  • Optional validation via make sbom-validate (CycloneDX CLI), and a brief summary via make sbom-summary.

Key variables: PACKAGE_NAME, SBOM_DIR, SBOM_IGNORE_IDS, and SBOM_CLI.

Files & what they’re for

  • bijux-cli-0.1.3-94ceeeb.prod.cdx.json — CycloneDX JSON • production • 243 components • spec 1.4

    • Good: Valid CycloneDX; includes app metadata; reasonable component count. — components=243, spec=1.4
    • How to use: Validate with make sbom-validate; scan with grype sbom:cyclonedx:bijux-cli-0.1.3-94ceeeb.prod.cdx.json or osv-scanner --sbom bijux-cli-0.1.3-94ceeeb.prod.cdx.json; diff prod↔dev to spot drift.
  • bijux-cli-0.1.3-94ceeeb.dev.cdx.json — CycloneDX JSON • development • 243 components • spec 1.4

    • Good: Valid CycloneDX; includes app metadata; reasonable component count. — components=243, spec=1.4
    • How to use: Validate with make sbom-validate; scan with grype sbom:cyclonedx:bijux-cli-0.1.3-94ceeeb.dev.cdx.json or osv-scanner --sbom bijux-cli-0.1.3-94ceeeb.dev.cdx.json; diff prod↔dev to spot drift.
  • summary.txt — SBOM components summary

    • Good: Up-to-date snapshot lines for each SBOM file present.
    • How to use: Open at a glance; keep in CI logs; regenerate with make sbom-summary.

bijux-cli-0.1.3-94ceeeb.prod.cdx.json

About this SBOM & how to use it

  • Type: Production CycloneDX SBOM
  • Components: 243
  • CycloneDX spec: 1.4
  • Serial: urn:uuid:1359ffe9-2c35-418a-ba37-28d025fd7e53
  • Generated: 2025-08-19T23:36:04.489414+00:00

  • Validate: make sbom-validate (requires SBOM_CLI={cyclonedx} in PATH).
  • Vuln scan (grype): grype sbom:cyclonedx:bijux-cli-0.1.3-94ceeeb.prod.cdx.json.
  • Vuln scan (OSV): osv-scanner --sbom bijux-cli-0.1.3-94ceeeb.prod.cdx.json.
  • License review: inspect components[].licenses or import into your compliance tool.
  • Diff SBOMs: compare dev vs prod JSON to catch environment drift.


bijux-cli-0.1.3-94ceeeb.dev.cdx.json

About this SBOM & how to use it

  • Type: Development CycloneDX SBOM
  • Components: 243
  • CycloneDX spec: 1.4
  • Serial: urn:uuid:43fe7b66-eb5f-42fa-b12e-3e7729abcd0e
  • Generated: 2025-08-19T23:36:05.583758+00:00

  • Validate: make sbom-validate (requires SBOM_CLI={cyclonedx} in PATH).
  • Vuln scan (grype): grype sbom:cyclonedx:bijux-cli-0.1.3-94ceeeb.dev.cdx.json.
  • Vuln scan (OSV): osv-scanner --sbom bijux-cli-0.1.3-94ceeeb.dev.cdx.json.
  • License review: inspect components[].licenses or import into your compliance tool.
  • Diff SBOMs: compare dev vs prod JSON to catch environment drift.
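The "License review" and "Diff SBOMs" steps above (listed for both the prod and the dev SBOM) can be scripted directly against the CycloneDX JSON. The script below is an added example for this page, not part of bijux-cli or its Makefile targets: it parses two CycloneDX 1.4 documents, reports components present in only one of them plus version drift between shared components, and collects license identifiers from components[].licenses. The two SBOMs are constructed inline (trimmed to a few components, with placeholder serial numbers) so it runs offline; in real use you would read the prod and dev *.cdx.json files from SBOM_DIR instead.

```python
"""Diff two CycloneDX 1.4 JSON SBOMs and summarise their licenses.

Added example for this page; not part of bijux-cli or its Makefile targets.
The two documents below are constructed inline so the script runs offline;
real use would load the prod/dev *.cdx.json files from SBOM_DIR instead.
"""
import json

# Constructed sample: a trimmed prod SBOM (the real files carry hundreds of components).
PROD_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "serialNumber": "urn:uuid:00000000-0000-4000-8000-000000000001",  # placeholder
    "metadata": {"component": {"type": "application", "name": "bijux-cli", "version": "0.1.3"}},
    "components": [
        {"type": "library", "name": "requests", "version": "2.32.3",
         "purl": "pkg:pypi/requests@2.32.3",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "click", "version": "8.1.7",
         "purl": "pkg:pypi/click@8.1.7",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    ],
})

# Constructed sample: dev SBOM with a test-only dependency and one differing pin.
DEV_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "serialNumber": "urn:uuid:00000000-0000-4000-8000-000000000002",  # placeholder
    "metadata": {"component": {"type": "application", "name": "bijux-cli", "version": "0.1.3"}},
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "click", "version": "8.1.7",
         "purl": "pkg:pypi/click@8.1.7",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
        {"type": "library", "name": "pytest", "version": "8.3.2",
         "purl": "pkg:pypi/pytest@8.3.2",
         "licenses": [{"expression": "MIT"}]},
    ],
})


def load_bom(text):
    """Parse a CycloneDX JSON document; reject anything that is not CycloneDX 1.x."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX" or not str(bom.get("specVersion", "")).startswith("1."):
        raise ValueError("not a CycloneDX 1.x JSON SBOM")
    return bom


def component_versions(bom):
    """Map component name -> pinned version for every component in the BOM."""
    return {c["name"]: c.get("version", "") for c in bom.get("components", [])}


def diff_boms(base, other):
    """Return (only_in_base, only_in_other, version_drift).

    version_drift maps name -> (base_version, other_version) for shared components
    whose pinned versions differ: the environment drift the page tells you to catch.
    """
    a, b = component_versions(base), component_versions(other)
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    drift = {n: (a[n], b[n]) for n in sorted(set(a) & set(b)) if a[n] != b[n]}
    return only_a, only_b, drift


def license_ids(bom):
    """Collect license identifiers from components[].licenses.

    CycloneDX 1.4 allows either {"license": {"id"|"name": ...}} or {"expression": ...};
    components with no usable license entry are grouped under "UNKNOWN" for manual review.
    """
    found = {}
    for comp in bom.get("components", []):
        ids = []
        for entry in comp.get("licenses") or []:
            if "expression" in entry:
                ids.append(entry["expression"])
            elif "license" in entry:
                lic = entry["license"]
                ids.append(lic.get("id") or lic.get("name") or "UNKNOWN")
        for lid in ids or ["UNKNOWN"]:
            found.setdefault(lid, []).append(comp["name"])
    return found


if __name__ == "__main__":
    prod, dev = load_bom(PROD_SBOM), load_bom(DEV_SBOM)
    only_prod, only_dev, drift = diff_boms(prod, dev)
    print("only in prod:", only_prod)
    print("only in dev:", only_dev)
    print("version drift:", drift)
    print("licenses (prod):", license_ids(prod))
```

Matching on component name keeps the diff readable for a human; if you want a stricter comparison (same package from a different ecosystem, or a component that lost its purl), key on the purl instead. Anything reported under "UNKNOWN" is exactly the set of components a license review has to resolve by hand.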


summary.txt

About this artifact

A short component count per SBOM file, created by make sbom-summary.
