Skip to content

A simple example script generate an (CYCLONEDX or SPDX) SBOM for an app scanned with Veracode in a json file.

License

Notifications You must be signed in to change notification settings

christyson/GenerateSBOMPS

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 

Repository files navigation

Veracode Generate SBOM in Powershell

A simple example script generate an (CYCLONEDX or SPDX) SBOM for an app in a json file.

Setup

Clone this repository:

git clone https://github.com/christyson/GenerateSBOMPS.git

Usage for a single app profile or and app profile with a sandbox

.\sbom_gen <arguments>
Arguments:
app    : (required) Name of the application within Veracode
type   : (optional) Type of SBOM to generate; valid values are 'cyclonedx' (default) or 'spdx'
linked : (optional) Include components from linked projects or not; valid values are 'true' (default) or 'false'

Run

To run you will need to set environment variables as follows:

$ENV:Veracode_API_ID=<YOUR_API_ID>
$ENV:Veracode_API_Key=<YOUR_API_KEY_SECRET>

and then for an spdx that is linked run:

.\sbom_gen <your_app_name> spdx false

This method will generate an SBOM in a file called "your app name"_"type".json

If the app is not found an error message will be printed.

Note: the PowerShell for HMAC Auth came from https://github.com/rafaelzm2000/VC_HMAC_Auth

About

A simple example script generate an (CYCLONEDX or SPDX) SBOM for an app scanned with Veracode in a json file.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published