Tool integration

CycloneDX Go Module Integration Guide

Official CycloneDX SBOM generator for Go modules using go.sum-compatible hashing

Get a Free API Key

Integrate cyclonedx-gomod with Vulnetix. Generate a CycloneDX SBOM from your Go module project and upload to Vulnetix.

CLI toolCycloneDX

Install & scan

$ go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
$ cyclonedx-gomod app -json -output bom.json .

Run CycloneDX Go Module in CI

Scan on every push and upload the results to Vulnetix:

- name: Setup Go
  uses: actions/setup-go@v5
  with:
    go-version: stable

- name: Install cyclonedx-gomod
  run: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest

- name: Generate CycloneDX SBOM
  run: cyclonedx-gomod app -json -output bom.json .

- name: Upload to Vulnetix
  run: vulnetix upload --file bom.json

Centralise CycloneDX Go Module results in Vulnetix

Upload CycloneDX Go Module CycloneDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.

CycloneDX Go Module documentation ↗  ·  Source repository ↗

Wire CycloneDX Go Module into your CI/CD pipeline →