CycloneDX Python Integration Guide

Official CycloneDX SBOM generator for Python projects, supporting pip, Poetry, and virtual environments

Integrate the CycloneDX Python tool with Vulnetix. Generate a CycloneDX SBOM from your Python project using uv or pip, then upload it to Vulnetix.

Install & scan

# Recommended: run without a global install
$ uv run --with cyclonedx-bom cyclonedx-py --help

# Or install globally
$ uv tool install cyclonedx-bom
# or: pip install cyclonedx-bom

# Generate the SBOM as JSON from the Python environment
$ uv run --with cyclonedx-bom cyclonedx-py environment --output-format JSON --output-file bom.json

Run CycloneDX Python in CI

Scan on every push and upload the results to Vulnetix:

- name: Set up Python
  uses: actions/setup-python@v5
  with:
    python-version: '3.12'

- name: Install dependencies
  run: pip install -r requirements.txt

- name: Generate CycloneDX SBOM
  run: uv run --with cyclonedx-bom cyclonedx-py environment --output-format JSON --output-file bom.json

- name: Upload to Vulnetix
  run: vulnetix upload --file bom.json
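
A sanity gate that can run between the generate and upload steps, so an empty or unmatchable SBOM fails the build instead of being uploaded. This is an added example, not code from CycloneDX or Vulnetix. The function name `check_bom`, the `min_components` threshold, and the rule that every component should carry a `pkg:pypi/` purl are assumptions.

```python
"""Pre-upload sanity check for a CycloneDX JSON SBOM (added example)."""
import json
import sys


def check_bom(bom: dict, min_components: int = 1) -> list[str]:
    """Return a list of problems; an empty list means the BOM looks usable."""
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not bom.get("specVersion"):
        problems.append("specVersion is missing")
    components = bom.get("components") or []
    if len(components) < min_components:
        # Typical symptom of scanning an environment without the project's deps.
        problems.append(f"only {len(components)} component(s); wrong environment scanned?")
    seen = set()
    for comp in components:
        name = comp.get("name", "<unnamed>")
        version = comp.get("version")
        purl = comp.get("purl", "")
        if not version:
            problems.append(f"{name}: no version, cannot be matched to advisories")
        # Assumption: all dependencies are expected to resolve to PyPI packages.
        if not purl.startswith("pkg:pypi/"):
            problems.append(f"{name}: missing or non-PyPI purl {purl!r}")
        key = (name.lower(), version)
        if key in seen:
            problems.append(f"{name}=={version}: listed more than once")
        seen.add(key)
    return problems


# Constructed sample input (not real scanner output), used when no file is given.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "library", "name": "requests", "version": "2.32.3",
         "purl": "pkg:pypi/requests@2.32.3"},
    ],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            SAMPLE_BOM = json.load(fh)
    found = check_bom(SAMPLE_BOM)
    for problem in found:
        print("SBOM check:", problem, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Saved under a name of your choosing and run with `bom.json` as its argument, it exits non-zero when any check fails, which stops the job before the upload step.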

Centralise CycloneDX Python results in Vulnetix

Upload the CycloneDX output from CycloneDX Python to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
