Where can one import sbom generated with cdxgen - t os that works ?

[andy778]

I cranked up a small windows image and generated cdxgen -t os -o obom.json --spec-version 1.4
-> Importing that to dependency track imported 0 components, and yes the SBOM looked to contain many components what I would expect.
-> I should probably try out a linux (ubuntu) image next and see the result

How was this tested and should perhaps crank up VS code...

[prabhu]

@andy778, thank you for trying the obom feature. You might have rightly guessed that cdxgen is always ahead regarding innovative features. We are working on depscan 4.3, the first tool to consume obom and sbom to prioritise vulnerabilities better. We anticipate more tools to support obom by 2024.