
Generating a Python dependencies SBOM

CycloneDX-Python can be installed through pip as:

pip install cyclonedx-bom

Once installed, it can generate CycloneDX JSON SBOMs from a variety of dependency manifests, and also directly from a virtual environment, as:

cyclonedx-py environment .venv > inventory.cyclonedx.json
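Before handing the inventory to a scanner it is worth checking that every component carries the version and PyPI purl a CVE matcher needs, since a component without a version cannot be matched against any advisory range. The pre-flight check below is an added example, not code from CycloneDX-Python or CVEScan, and the embedded SBOM is a constructed sample in the shape cyclonedx-py emits.

```python
import json
from typing import Dict, List

# Constructed sample in the shape cyclonedx-py writes (not real tool output):
# one complete component, one without a version, one with a non-PyPI purl.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "urllib3",
         "purl": "pkg:pypi/urllib3"},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
    ],
})


def load_components(sbom_text: str) -> List[Dict]:
    """Parse CycloneDX JSON text and return its top-level components."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom.get("components", [])


def preflight(sbom_text: str) -> Dict[str, List[str]]:
    """Bucket components a CVE matcher cannot resolve reliably:
    'no_version' (nothing to compare against an advisory range) and
    'non_pypi' (unexpected in an inventory derived from a Python venv).
    Everything else lands in 'ok'."""
    findings: Dict[str, List[str]] = {"no_version": [], "non_pypi": [], "ok": []}
    for comp in load_components(sbom_text):
        name = comp.get("name", "<unnamed>")
        purl = comp.get("purl", "")
        if not comp.get("version"):
            findings["no_version"].append(name)
        elif not purl.startswith("pkg:pypi/"):
            findings["non_pypi"].append(name)
        else:
            findings["ok"].append(name)
    return findings


if __name__ == "__main__":
    # For a real file: preflight(open("inventory.cyclonedx.json").read())
    for bucket, names in preflight(SAMPLE_SBOM).items():
        print(f"{bucket}: {names}")
```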

Now let's feed it to the CVEScan scan-inventory subcommand:

cvescan scan-inventory --inventory inventory.cyclonedx.json

The produced report can be explored and/or uploaded to CVEScan WebUI.