Convert your SBOM from CSV to CycloneDX

If you have an SBOM that is already in a CSV file, you have a few options that you can use to convert it to a CycloneDX file, including using an open-source tool, writing a custom script, or adding each dependency manually. If you run into issues or aren’t comfortable doing this, contact us.

Use an open-source tool

The one that we’ve used is CycloneDX-CLI. You will have to install and run this locally, so if this is outside your realm of expertise, contact us so we can get your SBOM converted.

  1. Install CycloneDX-CLI.

  2. Add these metadata columns shown in this example file into your CSV file: Supplier, Type, Name, Version. You may already have these columns. They are required in order for Helm to be able to successfully identify matches for your dependency components.

  3. Add the metadata field to your CSV file. See the CycloneDX dependency graph use case for more information.

  4. Run the tool, using the “--output-format json” option. This will output the file as a JSON file format. For example, from your directory (ours is ./bin/linux-x64/cyclonedx), you would enter the following in the command line (in our example, we used source_sbom_cyclonedx.csv as our source CSV file, then destination_sbom_cyclonedx.json as the output JSON file that we were creating from the CSV file): convert --input-file source_sbom_cyclonedx.csv -–output-format json > destination_sbom_cyclonedx.json

Write a custom script

You can write a custom script in Python or your favorite language to convert the file from CSV to CycloneDX JSON.

Last updated

© Copyright MedCrypt 2024, All rights reserved.

#294: EOL release docs

Change request updated