{"id":"977b7c49-28be-4549-acea-c346e0bfeac3","shortId":"n2TZnX","kind":"skill","title":"CycloneDX SBOM Generator","tagline":"Generates Software Bill of Materials in CycloneDX format using cdxgen and Syft. Scans npm, pip, and Go modules for known CVEs via OSV.dev API integration.","description":"# CycloneDX SBOM Generator\n\nGenerates Software Bill of Materials in CycloneDX format using cdxgen and Syft. Scans npm, pip, and Go modules for known CVEs via OSV.dev API integration.\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- npm install -g @cyclonedx/cdxgen\n- $ brew install cdxgen\n- docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen:master -r /app -o /app/bom.json\n- docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-deno:master -r /app -o /app/bom.json\n\nRequirements and caveats from upstream:\n- Software-as-a-Service (SaaSBOM) - For Java, Python, JavaScript, TypeScript, and PHP projects.\n- You can also use the cdxgen container image with node, deno, or bun runtime versions.\n- The default version uses Node.js 23\n\nBasic usage or getting-started notes:\n- | **Developers** | Generate a CycloneDX BOM from a local repo, git URL, purl, or container image | cdxgen -o bom.json . | [CLI Usage][docs-cli], [Supported Project Types][docs-project-types] |\n- | **AppSec** | Enrich BOMs with evidence, run BOM audit rules, and feed downstream security workflows | cdxgen -o bom.json --profile appsec --evidence --bom-audit . | [BOM Audit](docs/BOM_AUDIT.md), [Threat Model](doc...\n- | **SOC analysts** | Build OBOM inventories for live hosts and triage runtime posture issues | obom -o obom.json --deep --bom-audit --bom-audit-categories obom-runtime | [OBOM lessons](docs/OBOM_LESSONS.md), [Server U...\n\n- Source: https://github.com/cdxgen/cdxgen\n- Extracted from upstream docs: https://raw.githubusercontent.com/cdxgen/cdxgen/HEAD/README.md\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/cyclonedx-sbom-generator/)","tags":["cyclonedx","sbom","generator","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor"],"capabilities":["skill","source-agentskillexchange","skill-cyclonedx-sbom-generator","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/cyclonedx-sbom-generator","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,790 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:10:00.781Z","embedding":null,"createdAt":"2026-05-18T13:15:57.430Z","updatedAt":"2026-05-18T19:10:00.781Z","lastSeenAt":"2026-05-18T19:10:00.781Z","tsv":"'/app':89,96,112,119 '/app/bom.json':98,121 '/cdxgen/cdxgen':263 '/cdxgen/cdxgen/head/readme.md':270 '/cyclonedx/cdxgen-deno:master':117 '/cyclonedx/cdxgen:master':94 '/skills/cyclonedx-sbom-generator/)':277 '/tmp':85,86,108,109 '23':161 'agent':272 'agentskillexchange.com':276 'agentskillexchange.com/skills/cyclonedx-sbom-generator/)':275 'also':143 'analyst':229 'api':27,55 'appsec':199,217 'audit':206,221,223,247,250 'basic':162 'bill':6,34 'bom':173,201,205,220,222,246,249 'bom-audit':219,245 'bom-audit-categori':248 'bom.json':186,215 'brew':73 'build':230 'bun':153 'categori':251 'caveat':124 'cdxgen':13,41,75,80,103,146,184,213 'cli':187,191 'contain':147,182 'cves':24,52 'cyclonedx':1,10,29,38,172 'cyclonedx/cdxgen':72 'debug':81,83,104,106 'deep':244 'default':157 'deno':151 'develop':169 'doc':190,196,227,267 'docker':76,99 'docs-c':189 'docs-project-typ':195 'docs/bom_audit.md':224 'docs/obom_lessons.md':257 'downstream':210 'e':79,102 'enrich':200 'environ':68 'evid':203,218 'exchang':274 'extract':264 'feed':209 'format':11,39 'g':71 'generat':3,4,31,32,170 'get':166 'getting-start':165 'ghcr.io':93,116 'ghcr.io/cyclonedx/cdxgen-deno:master':115 'ghcr.io/cyclonedx/cdxgen:master':92 'git':178 'github.com':262 'github.com/cdxgen/cdxgen':261 'go':20,48 'host':235 'imag':148,183 'instal':57,61,70,74 'integr':28,56 'inventori':232 'issu':240 'java':134 'javascript':136 'known':23,51 'lesson':256 'live':234 'local':176 'match':66 'materi':8,36 'mode':82,105 'model':226 'modul':21,49 'node':150 'node.js':160 'note':168 'npm':17,45,69 'o':97,120,185,214,242 'obom':231,241,253,255 'obom-runtim':252 'obom.json':243 'osv.dev':26,54 'path':64 'php':139 'pip':18,46 'postur':239 'profil':216 'project':140,193,197 'purl':180 'pwd':88,111 'python':135 'r':95,118 'raw.githubusercontent.com':269 'raw.githubusercontent.com/cdxgen/cdxgen/head/readme.md':268 'repo':177 'requir':122 'rm':78,101 'rule':207 'run':77,100,204 'runtim':154,238,254 'rw':90,113 'saasbom':132 'sbom':2,30 'scan':16,44 'secur':211 'server':258 'servic':131 'setup':63 'skill':273 'skill-cyclonedx-sbom-generator' 'soc':228 'softwar':5,33,128 'software-as-a-servic':127 'sourc':260,271 'source-agentskillexchange' 'start':167 'support':192 'syft':15,43 'threat':225 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'triag':237 'type':194,198 'typescript':137 'u':259 'upstream':60,126,266 'url':179 'usag':163,188 'use':12,40,58,144,159 'v':84,87,107,110 'version':155,158 'via':25,53 'workflow':212","prices":[{"id":"a8bd2b12-4fce-478e-b39a-1a80bd0cb91e","listingId":"977b7c49-28be-4549-acea-c346e0bfeac3","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:15:57.430Z"}],"sources":[{"listingId":"977b7c49-28be-4549-acea-c346e0bfeac3","source":"github","sourceId":"agentskillexchange/skills/cyclonedx-sbom-generator","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/cyclonedx-sbom-generator","isPrimary":false,"firstSeenAt":"2026-05-18T13:15:57.430Z","lastSeenAt":"2026-05-18T19:10:00.781Z"}],"details":{"listingId":"977b7c49-28be-4549-acea-c346e0bfeac3","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"cyclonedx-sbom-generator","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"b2cc2f10734dbf40b5aa5ba625f5aa1185bfcac4","skill_md_path":"skills/cyclonedx-sbom-generator/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/cyclonedx-sbom-generator"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"CycloneDX SBOM Generator","description":"Generates Software Bill of Materials in CycloneDX format using cdxgen and Syft. Scans npm, pip, and Go modules for known CVEs via OSV.dev API integration."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/cyclonedx-sbom-generator"},"updatedAt":"2026-05-18T19:10:00.781Z"}}