You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: README.md
+57-1
Original file line number
Diff line number
Diff line change
@@ -329,12 +329,68 @@ All `list` subcommands support the `--where` flag. It can be used to filter out
329
329
330
330
Multiple key-value (i.e., column-title=regex) pairs can be provided on the same `--where` filter flag using commas.
331
331
332
-
Syntax: `[--where key=regex[,...]]`
332
+
**Syntax**: `[--where key=regex[,...]]`
333
333
334
334
See each command's section for contextual examples of the `--where` flag filter usage.
335
335
336
336
---
337
337
338
+
## Component
339
+
340
+
Primarily, this command is used to generate lists of components that are included in a CycloneDX SBOM.
341
+
342
+
### Component `list` command
343
+
344
+
This command is used to extract, filter and list CycloneDX BOM `Component` data.
345
+
346
+
#### Component list supported formats
347
+
348
+
This command supports the `--format` flag with any of the following values:
349
+
350
+
-`txt` (default), `csv`, `md`
351
+
352
+
#### Component list flags
353
+
354
+
##### Component list `--summary` flag
355
+
356
+
Use the `--summary` flag on the `component list` command to produce a summary report with reduced column information.
357
+
358
+
#### Component list examples
359
+
360
+
##### Example: `component list`
361
+
362
+
This example shows the component list with all column information display. Since CycloneDX component data can be very extensive, many columns simply indicate the component `has` more data available which can be extracted using the `query` command if needed.
363
+
364
+
```bash
365
+
./sbom-utility component list -i test/cyclonedx/1.6/specification/valid-bom-1.6.json -q
366
+
```
367
+
368
+
```text
369
+
bom-ref group type name version description copyright supplier-name supplier-url manufacturer-name manufacturer-url publisher purl swid-tag-id cpe mime-type scope number-hashes number-licenses has-pedigree has-evidence has-components has-release-notes has-model-card has-data has-tags has-signature
org.example library mylibrary 1.0.0 Example, Inc. https://example.com Example-2, Inc. https://example.org required 0 0 true false false false false false false false
374
+
```
375
+
376
+
##### Example: `component list` summary in markdown format
377
+
378
+
The same BOM component information as in the previous example; however, with output produced in markdown table format and using the summary flag to reduce the number of columns.
379
+
380
+
```bash
381
+
./sbom-utility component list -i test/cyclonedx/1.6/specification/valid-bom-1.6.json --summary --format=md -q
This command is used to aggregate and summarize software, hardware and data license information included in the SBOM. It also displays license usage policies for resources based upon concluded by SPDX license identifier, license family or logical license expressions as defined in he current policy file (i.e., `license.json`).
0 commit comments