Introduction

With 9.7.0, we introduce Operations Bill-of-Materials (OBoM) generation capability to cdxgen! We believe consolidating on a single tool/format for monitoring the operating environment and supply chain can help organizations effectively measure and improve their security posture. Combined with a SaaSBoM (with evinse), the operational context offered by OBoM would supercharge the next-generation application and cloud security tools to identify real exploitable vulnerabilities and threats.

By passing -t os, you can generate obom for Windows and Linux hosts under amd64 and arm64 architectures. This feature is powered by osquery which is bundled with cdxgen via plugins.

Hello Power!

We have also added support for generating SBoM on Power (ppc64le)! All cdxgen languages and container image formats are supported. We thank IBM (Janani/Pooja/Priya/Ayden) for their generous support in making this capability a reality.

Support for evinse, SaaSBoM, and OBoM on power will arrive later this year.

New Contributors

• @anoreg made their first contribution in #490
• @sebastianvoss made their first contribution in #513

Full Changelog: v9.6.1...v9.7.0