Generate CycloneDX or SPDX SBOMs for any project with cdxgen and upload to Vulnetix. Supports npm, pip, Maven, Gradle, Go modules, Cargo, NuGet, Composer, and 20+ more ecosystems.
CLI toolCycloneDXSPDX
Install & scan
$ # Zero-install — run directly with npx npx @cyclonedx/cdxgen --version # Or install globally npm install -g @cyclonedx/cdxgen $ npx @cyclonedx/cdxgen -o bom.json .
Run cdxgen in CI
Scan on every push and upload the results to Vulnetix:
- name: Generate SBOM with cdxgen run: npx @cyclonedx/cdxgen -o bom.json . - name: Upload to Vulnetix run: vulnetix upload --file bom.json
Centralise cdxgen results in Vulnetix
Upload cdxgen CycloneDX, SPDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.