Generating SBOMs for analysis in CVEScan

CVEScan was originaly designed for linux SBOM analysis. Meta-CVEScan and CVEScan-Buildroot allows for generation of such SBOMs, specifically tailored for CVEScan automatic assessments of vulnerabilities. However, analysis of standard CycloneDX-json and SPDX format is also supported. The pages below will go over the generation of CVEScan compatible SBOMs in different context:

• Using CVEScan-Buildroot to generate a SBOM
• Using Meta-CVEScan to generate a SBOM from your Yocto project
• Using CycloneDX-Python to generate a SBOM from a Python environment
• Using Syft to generate a SBOM from a Docker image
• Using Syft to generate a SBOM from a Debian filesystem