BREAKING CHANGE: change 'trivy sbom' to scan SBOM #2407

knqyf263 · 2022-06-27T12:08:28Z

knqyf263
Jun 27, 2022
Maintainer

Summary

Replace trivy sbom with --format cyclonedx, --format spdx, etc.

Before

trivy sbom used to generate the SBOM output.

$ trivy sbom --sbom-format cyclonedx --artifact-type image alpine:3.15

or

$ trivy sbom --sbom-format spdx --artifact-type fs /app/myproject

After

trivy sbom is for scanning SBOM from v0.30.0. Instead, you can generate the SBOM output with the --format flag that is available under each subcommand like image and fs.

$ trivy image --format cyclonedx alpine:3.15

or

$ trivy fs --format spdx /app/myproject

Affected versions

v0.30.0 or greater

Description

To be consistent with other trivy subcommands, we are changing trivy sbom to scan SBOM for vulnerabilities, rather than generate SBOM.

trivy image scans container images
trivy fs scans filesystems
triivy sbom scans SBOM from v0.30.0

adazzi93933 · 2022-07-20T17:35:40Z

adazzi93933
Jul 20, 2022

I am using it this way ...

trivy fs --format cyclonedx $CI_DOCKER_TAR_IMAGE --output $CI_JSON_SBOM

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BREAKING CHANGE: change 'trivy sbom' to scan SBOM #2407

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

Select a reply

BREAKING CHANGE: change 'trivy sbom' to scan SBOM #2407

knqyf263 Jun 27, 2022 Maintainer

Summary

Before

After

Affected versions

Description

Replies: 1 comment

adazzi93933 Jul 20, 2022

knqyf263
Jun 27, 2022
Maintainer

adazzi93933
Jul 20, 2022