Integrate the CycloneDX Yarn plugin with Vulnetix. Generate a CycloneDX SBOM from your Yarn Berry workspace, then upload it to Vulnetix for JavaScript supply-chain analysis.
Install & scan
# Zero-install via yarn dlx (Yarn Berry v3/v4)
$ yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx --help
# Or install the plugin permanently
$ yarn plugin import https://github.com/CycloneDX/cyclonedx-node-yarn/releases/latest/download/yarn-plugin-cyclonedx.cjs

$ yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx --output-format JSON --output-file bom.json
Run Yarn CycloneDX in CI
Scan on every push and upload the results to Vulnetix:
- name: Enable Corepack
  run: corepack enable
- name: Install dependencies
  run: yarn install --immutable
- name: Generate CycloneDX SBOM
  run: yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx --omit dev --output-format JSON --output-file bom.json
- name: Upload to Vulnetix
  run: vulnetix upload --file bom.json
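A check that could run between the "Generate CycloneDX SBOM" and "Upload to Vulnetix" steps, so that an empty or malformed bom.json fails the build instead of being uploaded. This is an added example, not part of the Vulnetix or CycloneDX tooling; the script name check-bom.js, the sample BOM and the policy of failing on a missing purl or version are assumptions.

```javascript
// Added example: sanity-check a CycloneDX JSON SBOM before it is uploaded.
// Field names (bomFormat, specVersion, components, purl, bom-ref) follow the
// CycloneDX JSON schema; the pass/fail policy is an assumption of this example.

// CycloneDX allows components to nest, so walk the tree recursively.
function* walk(components) {
  for (const c of components || []) {
    yield c;
    yield* walk(c.components);
  }
}

// Returns the total component count and a list of human-readable problems.
function checkBom(bom) {
  const problems = [];
  if (bom.bomFormat !== "CycloneDX") problems.push("bomFormat is not CycloneDX");
  if (!bom.specVersion) problems.push("specVersion is missing");
  const all = [...walk(bom.components)];
  if (all.length === 0) problems.push("no components (wrong directory or failed install?)");
  for (const c of all) {
    const label = c["bom-ref"] || c.name || "<unnamed>";
    // Without a version or purl a component cannot be matched to advisories.
    if (!c.version) problems.push(`${label}: no version`);
    if (!c.purl) problems.push(`${label}: no purl`);
  }
  return { count: all.length, problems };
}

// Constructed sample, not real plugin output: the nested component lacks a purl.
const SAMPLE_BOM = {
  bomFormat: "CycloneDX",
  specVersion: "1.5",
  components: [
    { type: "library", name: "left-pad", version: "1.3.0", purl: "pkg:npm/left-pad@1.3.0",
      components: [{ type: "library", name: "vendored-helper", version: "0.1.0" }] },
  ],
};

// CI usage (hypothetical script name): node check-bom.js bom.json
if (process.argv[2] && process.argv[2].endsWith(".json")) {
  import("node:fs").then((fs) => {
    const { count, problems } = checkBom(JSON.parse(fs.readFileSync(process.argv[2], "utf8")));
    problems.forEach((p) => console.error(`SBOM check: ${p}`));
    console.log(`${count} components, ${problems.length} problems`);
    process.exitCode = problems.length ? 1 : 0; // non-zero fails the CI step
  });
}
```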
Centralise Yarn CycloneDX results in Vulnetix
Upload Yarn CycloneDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.