Syft has away to generate CycloneDX 1.5
Does Grype? I do not see away in the documentation.
Thanks in advance
Syft has away to generate CycloneDX 1.5
Does Grype? I do not see away in the documentation.
Thanks in advance
You can use @1.5
on Syft, like syft -o cyclonedx@1.5 busybox:latest
will write a cyclonedx 1.5 XML doc (use -o cyclonedx-json@1.5
for the JSON version).
Right now Grype doesn’t support the @
notation to specify a different version of a format, but we’d be open to adding it or accepting a contribution that adds it I believe.