Convert your SBOM from CSV to CycloneDX

If you have an SBOM that is already in a CSV file, you have a few options that you can use to convert it to a CycloneDX file, including using an open-source tool, writing a custom script, or adding each component manually. If you run into issues or aren’t comfortable doing this, .

Use an open-source tool

The one that we’ve used is . You will have to install and run this locally, so if this is outside your realm of expertise, so we can get your SBOM converted.

1. Install CycloneDX-CLI.

2. Add these metadata columns shown in this into your CSV file: Supplier, Type, Name, Version. You may already have these columns. They are required in order for Helm to be able to successfully identify matches for your components.

3. Add the metadata field to your CSV file. See the for more information.

4. Run the tool, using the “--output-format json” option. This will output the file as a JSON file format. For example, from your directory (ours is ./bin/linux-x64/cyclonedx), you would enter the following in the command line (in our example, we used source_sbom_cyclonedx.csv as our source CSV file, then destination_sbom_cyclonedx.json as the output JSON file that we were creating from the CSV file): convert --input-file source_sbom_cyclonedx.csv -–output-format json > destination_sbom_cyclonedx.json

Write a custom script

You can write a custom script in Python or your favorite language to convert the file from CSV to CycloneDX JSON.