Rebar3_sbom: Rebar3 plugin to generate CycloneDX SBoM

I just published v0.6.0 of rebar3_sbom, a Rebar3 plugin to generate a software bill-of-materials (SBoM) in CycloneDX format.

Hex: rebar3_sbom
GitHub: voltone/rebar3_sbom

For some background, check out this old post, which is about its sibling Mix task for Elixir projects. For usage instructions please refer to the README file over at GitHub.

This new version should work on OTP 25, but it no longer supports OTP <21.

3 Likes

Thanks, interesting!

It errors with OTP < 25, as it seems that uri_string:quote/2 only works in OTP 25.

1 Like

Ah, right: that function was added later. So do I really have to use http_uri all the way up to OTP 24, despite the deprecation warnings? :thinking:

Thanks for the heads-up, will try to push a fix later today…

1 Like
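The OTP 25 / uri_string:quote/2 issue raised above is the kind of thing a release-conditional compile handles cleanly. The module below is an added example, not code from rebar3_sbom: it selects the percent-encoding call at compile time using the `?OTP_RELEASE` macro (defined by the compiler from OTP 21 onward, which matches the plugin's stated minimum) and the `-if` preprocessor directive. The module and function names are made up for this illustration, and the assumption that both branches treat the same set of unreserved characters as safe should be checked on each target release.

```erlang
%% Added example (not part of the rebar3_sbom project): choose the URI
%% percent-encoding function at compile time from the OTP release.
%%
%% uri_string:quote/2 only exists from OTP 25 onward; on OTP 21..24 the
%% deprecated http_uri:encode/1 is still available and is used as the
%% fallback. ?OTP_RELEASE is defined by the compiler since OTP 21, so on
%% anything older this module fails to compile, which matches the plugin
%% dropping support for OTP < 21.
-module(sbom_uri_compat).      %% hypothetical module name
-export([quote/1]).

-if(?OTP_RELEASE >= 25).
%% OTP 25+: the second argument lists extra characters that must NOT be
%% escaped. Passing "" escapes everything outside the unreserved set, so
%% the two branches agree (assumption: same unreserved set, verify per release).
quote(Data) ->
    uri_string:quote(Data, "").
-else.
%% OTP 21..24: http_uri:encode/1 emits only a deprecation warning here.
quote(Data) ->
    http_uri:encode(Data).
-endif.
```

Compiling the same source on OTP 24 and OTP 25 therefore yields a module with the same exported API, and the deprecation warning is confined to the branch that is actually compiled on the older releases.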

Hi. Maybe this post is just not for me, but I really do not even understand it =)

It is not clear what this tool does, even after reading your linked post. I know that there is the Cyclone FPGA. Do you prepare something for it?

1 Like

CycloneDX is a standardised format for specifying (third party) dependencies of software projects. Such a file can be used for verifying license compliance, checking for known vulnerabilities, or as part of a product specification between supplier and client.

This Rebar3 plug-in can generate such a file.

1 Like