Advanced Usage
Expert features for power users and automation.
Advanced Topics
Automation Examples
CI/CD Integration
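#!/bin/bash
# ci-cbom-check.sh
#
# CI gate: generate a CycloneDX 1.7 CBOM and fail the job when the PQC
# readiness score stored in its metadata is below the threshold.
# Needs jq and bc on the runner.

# Abort on the first failing command. Without this, a failed generator run
# would be followed by a check against a stale or partial current-cbom.json.
set -euo pipefail

readonly THRESHOLD=10

# Generate CBOM
./build/cbom-generator \
  --deterministic \
  --no-personal-data \
  --format cyclonedx --cyclonedx-spec 1.7 \
  --output current-cbom.json

# Check PQC readiness threshold
SCORE=$(jq -r '.metadata.properties[] | select(.name == "cbom:pqc:readiness_score") | .value' current-cbom.json)

# Fail closed: if the property is absent, duplicated or not a plain number,
# bc prints nothing, the arithmetic test below is false, and the gate would
# report PASS. Reject anything that is not a single non-negative number.
if [[ ! "$SCORE" =~ ^[0-9]+(\.[0-9]+)?$ ]]; then
  echo "FAIL: PQC readiness score missing or not numeric in current-cbom.json" >&2
  exit 1
fi

# bc handles fractional scores, which bash arithmetic cannot compare.
if (( $(echo "$SCORE < $THRESHOLD" | bc -l) )); then
  echo "FAIL: PQC readiness score $SCORE% below threshold"
  exit 1
fi
echo "PASS: PQC readiness score $SCORE%"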
Scheduled Scanning
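#!/bin/bash
# /etc/cron.weekly/cbom-scan
#
# Weekly scan: discover services, write a dated CBOM to /var/cbom and a dated
# PQC report to /var/reports. The interpreter line must be the first line of
# the file for the job to be executed with bash.

# Stop at the first error so a failed scan is reported by cron instead of
# leaving a partial report behind unnoticed.
set -euo pipefail

# The CBOM and report describe the cryptographic assets found on this host.
# Create them readable by the job's user only; relax this if a reporting
# group needs access.
umask 077

DATE=$(date +%Y%m%d)

# NOTE(review): cron jobs do not start in the project directory, so the
# relative ./build path only resolves if the job first changes into the
# directory that contains build/. Adjust to your install location.
./build/cbom-generator \
  --discover-services \
  --plugin-dir /opt/cbom/plugins \
  --no-personal-data \
  --pqc-report "/var/reports/pqc-$DATE.txt" \
  --output "/var/cbom/cbom-$DATE.json"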
Container Scanning
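# Extract and scan container filesystem
#
# Intended to run as a script. pipefail makes a failed `docker export`
# abort the run instead of scanning an empty or truncated tree.
set -euo pipefail

# Use a fresh private directory rather than a fixed name under /tmp: a fixed
# path may not exist (tar -C would fail) or may have been pre-created by
# another local user.
fs_dir=$(mktemp -d)

# Remove the extracted tree on every exit path, including failures.
trap 'rm -rf -- "$fs_dir"' EXIT

# The exported filesystem is untrusted content; prefer running this as an
# unprivileged user.
docker export container_id | tar -C "$fs_dir" -xf -

./build/cbom-generator \
  --cross-arch \
  --crypto-registry crypto-registry-alpine.yaml \
  --output container-cbom.json \
  "$fs_dir"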
Environment Variables
| Variable | Description |
|----------|-------------|
| CBOM_SALT | Salt for privacy redaction (consistent pseudonyms) |
| CBOM_CACHE_DIR | Cache directory location |
| CBOM_LOG_LEVEL | Logging verbosity |
Output Piping
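# By default a pipeline's status is that of its last command, so a failed
# generator run would still leave a cbom.json.gz or an upload that looks fine.
set -o pipefail

# Stream to another tool
./build/cbom-generator --output - | tee cbom.json | jq '.components | length'

# Compress output
./build/cbom-generator --output - | gzip > cbom.json.gz

# Send to remote
# --data-binary posts the JSON unmodified (-d strips newlines and labels the
# body as form data); --fail makes curl exit non-zero on an HTTP error.
# Consider adding --no-personal-data before a CBOM leaves the host.
./build/cbom-generator --output - \
  | curl --fail -X POST -H 'Content-Type: application/json' \
      --data-binary @- https://api.example.com/cbom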