Name	Name	Last commit message	Last commit date
Latest commit jkowalleck 3.0.0 - rewrite in TS with CDX-lib (#70 ) Jun 20, 2022 f0e5cc9 · Jun 20, 2022 History 77 Commits
.github	.github	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
examples/simple	examples/simple	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
src	src	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
tests	tests	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
.editorconfig	.editorconfig	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
.eslintignore	.eslintignore	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
.eslintrc.js	.eslintrc.js	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
.gitattributes	.gitattributes	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
.gitignore	.gitignore	`@cyclonedx/bom:^3.8` & node `>= 12.0.0` & tests (#51 )	Apr 24, 2022
.lift.toml	.lift.toml	`@cyclonedx/bom:^3.8` & node `>= 12.0.0` & tests (#51 )	Apr 24, 2022
.npmignore	.npmignore	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
CODEOWNERS	CODEOWNERS	Create CODEOWNERS	Dec 7, 2021
CONTRIBUTING.md	CONTRIBUTING.md	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
HISTORY.md	HISTORY.md	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
LICENSE	LICENSE	Updated license to include OWASP Foundation in copyright	Sep 12, 2021
NOTICE	NOTICE	additional npmignore & LICENSE NOTICE added	Apr 25, 2022
README.md	README.md	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
jest.config.js	jest.config.js	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
package-lock.json	package-lock.json	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
package.json	package.json	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022
tsconfig.json	tsconfig.json	3.0.0 - rewrite in TS with CDX-lib (#70 )	Jun 20, 2022

Repository files navigation

CycloneDX Webpack Plugin

This plugin for webpack creates a CycloneDX Software Bill of Materials (SBoM) containing an aggregate of all bundled dependencies.
This plugin uses the linkages generated by webpack to create a dependency graph which only contain the dependencies that are actually used (after tree-shaking).

Requirements

Node.js >= 14
webpack ^5

However, there are older versions of this plugin, that support

Node.js v8.0.0 or higher
webpack v4.0.0 or higher

Installing

npm i -D @cyclonedx/webpack-plugin
yarn add -D @cyclonedx/webpack-plugin

Usage

Configuration

For configuration and options, please consult the shipped CycloneDxWebpackPluginOptions interface definition, or see one of the examples.

Example

In your webpack config add the CycloneDX plugin:

const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin');

/** @type {import('@cyclonedx/webpack-plugin').CycloneDxWebpackPluginOptions} */
const cycloneDxWebpackPluginOptions = {
  specVersion: '1.4',
  outputLocation: './bom'
}

module.exports = {
  // ...
  plugins: [
    new CycloneDxWebpackPlugin(cycloneDxWebpackPluginOptions)
  ]
}

See extended examples.

Support for IETF /.well-known/sbom

The CycloneDX Webpack plugin supports placing the CycloneDX SBOM in a pre-defined location, specifically in /.well-known/sbom. This option is enabled by default. The behavior can be changed by overriding the values of includeWellknown and wellknownLocation.
See draft-lear-opsawg-sbom-access for more information on the specification, currently an IETF draft.

In your webpack config add the CycloneDX plugin:

const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin');

/** @type {import('@cyclonedx/webpack-plugin').CycloneDxWebpackPluginOptions} */
const cycloneDxWebpackPluginOptions = {
  includeWellknown: true,
  wellknownLocation: './.well-known'
}

module.exports = {
  // ...
  plugins: [
    new CycloneDxWebpackPlugin(cycloneDxWebpackPluginOptions)
  ]
}

Use with Angular

Angular uses Webpack under the hood. Therefore, it is possible to integrate this plugin by utilizing @angular-builders/custom-webpack.

Use with React

React uses Webpack under the hood. Therefore, it is possible to integrate this plugin.

Development & Contributing

Feel free to open issues, bugreports or pull requests.
See the CONTRIBUTING file for details.

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CycloneDX Webpack Plugin

Requirements

Installing

Usage

Configuration

Example

Support for IETF /.well-known/sbom

Use with Angular

Use with React

Development & Contributing

License

About

Releases 44

Sponsor this project

Used by 1.7k

Contributors 8

Languages

License

CycloneDX/cyclonedx-webpack-plugin

Folders and files

Latest commit

History

Repository files navigation

CycloneDX Webpack Plugin

Requirements

Installing

Usage

Configuration

Example

Support for IETF /.well-known/sbom

Use with Angular

Use with React

Development & Contributing

License

About

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases 44

Sponsor this project

Used by 1.7k

Contributors 8

Languages