CycloneDX Maven Plugin Integration Guide

Official CycloneDX Maven plugin for generating SBOM JSON/XML from Maven projects

Integrate the CycloneDX Maven Plugin with Vulnetix: generate a CycloneDX SBOM from your Maven project, including all dependencies, then upload it to Vulnetix.

CLI tool · CycloneDX

Install & scan

# No separate install required: invoke directly via Maven
# Or add to pom.xml for persistent configuration:
# <plugin>
#   <groupId>org.cyclonedx</groupId>
#   <artifactId>cyclonedx-maven-plugin</artifactId>
#   <version>2.9.1</version>
# </plugin>
$ mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom

Run CycloneDX Maven Plugin in CI

Scan on every push and upload the results to Vulnetix:

- name: Generate CycloneDX SBOM
  run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -DoutputFormat=json

- name: Upload to Vulnetix
  run: vulnetix upload --file target/bom.json
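
A check that could run between the two steps above, so a malformed or empty `target/bom.json` fails the build instead of being uploaded. This is an added example, not code from Vulnetix or the CycloneDX project; `check_bom`, the file name `check_bom.py` and the sample BOM are constructed for illustration, and the purl rule assumes downstream matching keys on Maven package URLs.

```python
import json
import sys

# Constructed sample shaped like a CycloneDX JSON BOM; not real plugin output.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "metadata": {"component": {"name": "demo-app", "bom-ref": "app"}},
    "components": [
        {"name": "lib-a", "version": "1.2.3", "bom-ref": "a",
         "purl": "pkg:maven/com.example/lib-a@1.2.3"},
        {"name": "lib-b", "version": "", "bom-ref": "b"},
    ],
    "dependencies": [{"ref": "app", "dependsOn": ["a", "missing-ref"]}],
})

def check_bom(text):
    """Return a list of problems that should block the upload step."""
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(bom, dict):
        return ["top level is not a JSON object"]
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    components = bom.get("components") or []
    if not components:
        # An empty BOM gives the platform nothing to match against.
        problems.append("no components listed")
    root = (bom.get("metadata") or {}).get("component") or {}
    refs = {root.get("bom-ref")} - {None}
    for comp in components:
        name = comp.get("name") or "<unnamed>"
        if not comp.get("version"):
            problems.append(f"{name}: missing version")
        # Assumption: downstream matching keys on the Maven package URL.
        if not str(comp.get("purl") or "").startswith("pkg:maven/"):
            problems.append(f"{name}: missing Maven purl")
        if comp.get("bom-ref"):
            refs.add(comp["bom-ref"])
    for dep in bom.get("dependencies") or []:
        for target in dep.get("dependsOn") or []:
            if target not in refs:
                problems.append(f"dependency edge to unknown ref: {target}")
    return problems

if __name__ == "__main__":
    # Usage in CI (path from the page): python check_bom.py target/bom.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BOM
    found = check_bom(text)
    print("\n".join(found) or "BOM looks usable")
    sys.exit(1 if found else 0)
```

The script exits non-zero when any problem is found, which stops a CI job before the upload step runs.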

Centralise CycloneDX Maven Plugin results in Vulnetix

Upload the CycloneDX output of the CycloneDX Maven Plugin to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.