other versions
- trixie-backports 0.7.1-1~bpo13+1
- testing 0.7.1-1
- unstable 0.7.1-1
| DEBSBOM-GENERATE(1) | debsbom | DEBSBOM-GENERATE(1) |
NAME¶
debsbom-generate - debsbom generate command
SYNOPSIS¶
debsbom generate [-h] [-o OUT] [--distro-name DISTRO_NAME]
[--distro-supplier DISTRO_SUPPLIER]
[--distro-version DISTRO_VERSION]
[--base-distro-vendor {debian,ubuntu}]
[--cdx-standard {default,standard-bom}]
[--spdx-namespace SPDX_NAMESPACE]
[--cdx-serialnumber CDX_SERIALNUMBER] [--timestamp TIMESTAMP]
[--add-meta-data key=value] [--validate] [-t {cdx,spdx}]
[-r ROOT] [--from-pkglist] [--distro-arch DISTRO_ARCH]
[--with-licenses]
DESCRIPTION¶
Generate a sbom for a debian system
The command creates comprehensive SBOMs that include all installed software packages and their dependencies. This command can be executed in an air-gapped environment.
OPTIONS¶
Named Arguments
- -o='sbom', --out='sbom'
- filename for output (default: 'sbom'). Use '-' to write to stdout
- --distro-name='Debian'
- distro name (default: 'Debian')
- --distro-supplier
- supplier for the root component
- --distro-version
- version for the root component
- --base-distro-vendor='debian'
- vendor of debian distribution (debian or ubuntu)
Possible choices: debian, ubuntu
- --cdx-standard='default'
- generate SBOM according to this spec (only for CDX)
Possible choices: default, standard-bom
- --spdx-namespace
- document namespace, must be a valid URI (only for SPDX)
- --cdx-serialnumber
- document serial number, must be a UUID in 8-4-4-4-12 format (only for CDX)
- --timestamp
- document timestamp in ISO 8601 format
- --add-meta-data
- add arbitrary metadata properties to the SBOM
- --validate=False
- validate generated SBOM (only for SPDX)
- -t, --sbom-type
- SBOM type to generate, can be passed multiple times (default: all)
Possible choices: cdx, spdx
- -r='/', --root='/'
- root directory to look for dpkg status file and apt cache
- --from-pkglist=False
- create SBOM from a package list passed via stdin
- --distro-arch='auto'
- native dpkg architecture of the distro ('auto')
- --with-licenses=False
- parse and include license information
SEE ALSO¶
DEBSBOM¶
Part of the debsbom(1) suite.
Author¶
Christoph Steiger, Felix Moessbauer
Copyright¶
2025, Siemens
| March 20, 2026 |