Grype and CycloneDX

Syft has away to generate CycloneDX 1.5
Does Grype? I do not see away in the documentation.

Thanks in advance

1 Like

You can use @1.5 on Syft, like syft -o cyclonedx@1.5 busybox:latest will write a cyclonedx 1.5 XML doc (use -o cyclonedx-json@1.5 for the JSON version).

Right now Grype doesn’t support the @ notation to specify a different version of a format, but we’d be open to adding it or accepting a contribution that adds it I believe.