The CycloneDX CocoaPods Gem creates a valid CycloneDX software bill-of-material document from all CocoaPods project dependencies. CycloneDX is a lightweight BoM specification that is easily created, human readable, and simple to parse.
% gem install cyclonedx-cocoapods
First, clone or copy the source code from GitHub. Then, in the source code directory, run these commands:
gem build cyclonedx-cocoapods.gemspec
gem install cyclonedx-cocoapods-x.x.x.gem
Building from source requires Ruby 2.4.0 or newer.
cyclonedx-cocoapods aims to produce SBOMs according to the latest CycloneDX specification, which currently is 1.4. You can use the CycloneDX CLI to convert between multiple BOM formats or specification versions.
Generates a BOM with the given parameters. BOM component metadata is only generated if the component's name, version, and type are provided using the --name, --version, and --type parameters.
[version <version_number>]
USAGE
cyclonedx-cocoapods [options]
OPTIONS
--[no-]verbose Show verbose debugging output
-h, --help Show help message
BOM Generation
-p, --path path Path to CocoaPods project directory (default: current directory)
-o, --output bom_file_path Path to output the bom.xml file to (default: "bom.xml")
-b, --bom-version bom_version Version of the generated BOM (default: "1")
-x, --exclude-test-targets Eliminate Podfile targets whose name contains the word "test"
Component Metadata
-n, --name name (If specified version and type are also required) Name of the component for which the BOM is generated
-v, --version version Version of the component for which the BOM is generated
-t, --type type Type of the component for which the BOM is generated (one of application|framework|library|container|operating-system|device|firmware|file)
-g, --group group Group of the component for which the BOM is generated
Output: BoM file at the specified location, or ./bom.xml if not specified
% cyclonedx-cocoapods --path /path/to/cocoapods/project --output /path/to/bom.xml --version 6
This repo contains a file named example_bom.xml that was generated with this tool.
It represents the open source PodsUpdater application. The PodsUpdater code was checked out, then these two commands were run in the checked out code directory.
% pod install
% cyclonedx-cocoapods -n "kizitonwose/PodsUpdater" -v 1.0.3 -t application --output example_bom.xml
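An added example (not part of the cyclonedx-cocoapods project) showing how to inspect a BOM of the kind the tool writes: it reads a CycloneDX 1.4 XML document with Ruby's bundled REXML, reports the spec version, the metadata component (present only when -n, -v and -t were given, as noted above) and each dependency's CocoaPods purl, and flags purls that disagree with the component's name and version. SAMPLE_BOM is constructed for this example, with illustrative versions and one deliberately mismatched purl so the check has something to report.

```ruby
# Added example (not part of the cyclonedx-cocoapods project): summarize a
# CycloneDX 1.4 XML BOM like the ones this tool writes, using Ruby's bundled
# REXML. SAMPLE_BOM is constructed for the example; versions are illustrative.
require 'rexml/document'

SAMPLE_BOM = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
    <metadata>
      <component type="application">
        <name>kizitonwose/PodsUpdater</name>
        <version>1.0.3</version>
      </component>
    </metadata>
    <components>
      <component type="library">
        <name>Alamofire</name>
        <version>5.6.4</version>
        <purl>pkg:cocoapods/Alamofire@5.6.4</purl>
      </component>
      <component type="library">
        <name>Kingfisher</name>
        <version>7.4.1</version>
        <purl>pkg:cocoapods/Kingfisher@7.4.0</purl>
      </component>
    </components>
  </bom>
XML

# Spec version, the metadata component (nil when the BOM was generated without
# -n/-v/-t) and every dependency component with its purl.
def summarize_bom(xml)
  root = REXML::Document.new(xml).root
  meta = REXML::XPath.first(root, 'metadata/component')
  components = REXML::XPath.match(root, 'components/component').map do |c|
    { name: c.elements['name'].text, version: c.elements['version'].text,
      purl: c.elements['purl']&.text }
  end
  { spec_version: root.namespace[%r{bom/(\d+\.\d+)\z}, 1],
    metadata: meta && { type: meta.attributes['type'], name: meta.elements['name'].text,
                        version: meta.elements['version'].text },
    components: components }
end

# Dependency components whose purl disagrees with pkg:cocoapods/<name>@<version>
# (a missing purl counts); an empty array means the BOM is self-consistent.
def inconsistent_purls(summary)
  summary[:components].reject { |c| c[:purl] == "pkg:cocoapods/#{c[:name]}@#{c[:version]}" }
                      .map { |c| c[:name] }
end
```

Point summarize_bom at File.read of a real bom.xml produced by the tool to check your own output the same way.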
To set up for local development, make a fork of this repo, make a branch on your fork named after the issue or workflow you are improving, check out your branch, then run bundle install.
This project runs the DCO checker to validate that the code author has the right to submit the code they are contributing to the project. Please verify that you do have the right to contribute, then when running git commit add the -s flag to automatically add the proper Signed-off-by line to the commit message.
Before submitting your pull request, please do the following:
- Run rake spec and make sure all the tests pass. If you are adding new commands or features, they must include tests. If you are changing functionality, update the tests or add new tests as needed.
- Add a note to the CHANGELOG describing what you changed.
- Make your pull request. If it is related to an issue, add a link to the issue in the description.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.