Using the CLI
Score, convert, and process your SBOMs with rfsbom
Overview
rfsbom supports the following SBOM specifications, versions, and file formats.
- CycloneDX 1.4 JSON
- CycloneDX 1.4 XML
- SPDX 2.3 JSON
- SPDX 2.3 tag/value
- SPDX 2.3 RDF
- SPDX 2.3 XML
rfsbom has three subcommands:
- rfsbom score
- rfsbom convert
- rfsbom process
Each rfsbom subcommand can be run with the --help flag for usage information.
rfsbom score --help
rfsbom convert --help
rfsbom process --help
Score
Specify an SBOM or folder of SBOMs to generate and save SBOM quality reports to the current directory.
rfsbom score <sbom_file_or_folder>
Save SBOM quality reports to the specified output folder.
rfsbom score <sbom_file_or_folder> --output-folder <output_folder>
Convert
Convert an SBOM between any of the supported formats.
rfsbom convert <sbom_file_or_folder> --output_format <cdx-json | cdx-xml | spdx-json | spdx-rdf | spdx-tag | spdx-xml>
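A pre-flight check for a folder of mixed SBOMs, added here as an example and not part of rfsbom: it identifies which of the six formats listed in the Overview a file is, using the same tokens as --output_format, and flags versions other than CycloneDX 1.4 and SPDX 2.3. The function name, the sniffing rules and the sample documents are this example's own assumptions.

```python
import json
import re

# Tokens reuse the --output_format vocabulary from this page. The detection
# logic is this example's assumption, not a description of rfsbom internals.
SUPPORTED = {"cdx": "1.4", "spdx": "SPDX-2.3"}
UNKNOWN = (None, None, False)

def _result(token, family, version):
    return (token, version, version == SUPPORTED[family])

def detect_sbom_format(text):
    """Return (format_token, version, is_supported_version) for SBOM text."""
    head = text.lstrip("\ufeff \t\r\n")
    if head.startswith("{"):
        try:
            doc = json.loads(head)
        except ValueError:
            return UNKNOWN
        if doc.get("bomFormat") == "CycloneDX":
            return _result("cdx-json", "cdx", doc.get("specVersion"))
        if "spdxVersion" in doc:
            return _result("spdx-json", "spdx", doc["spdxVersion"])
        return UNKNOWN
    if head.startswith("<"):
        # Regex sniffing only: no XML parser touches the untrusted file, so
        # entity expansion and external entities are never evaluated.
        m = re.search(r'xmlns(?::\w+)?="http://cyclonedx\.org/schema/bom/([\d.]+)"', head)
        if m:
            return _result("cdx-xml", "cdx", m.group(1))
        if "http://spdx.org/rdf/terms#" in head:
            m = re.search(r"<(?:\w+:)?specVersion>\s*([^<\s]+)", head)
            return _result("spdx-rdf", "spdx", m.group(1) if m else None)
        m = re.search(r"<spdxVersion>\s*([^<\s]+)", head)
        return _result("spdx-xml", "spdx", m.group(1)) if m else UNKNOWN
    m = re.search(r"^SPDXVersion:\s*(\S+)", head, re.MULTILINE)
    return _result("spdx-tag", "spdx", m.group(1)) if m else UNKNOWN

SAMPLES = {  # constructed minimal documents, not real SBOMs
    "a.json": '{"bomFormat": "CycloneDX", "specVersion": "1.4"}',
    "b.xml": '<?xml version="1.0"?><bom xmlns="http://cyclonedx.org/schema/bom/1.5"/>',
    "c.spdx": "SPDXVersion: SPDX-2.3\nDataLicense: CC0-1.0\n",
    "d.rdf": '<rdf:RDF xmlns:spdx="http://spdx.org/rdf/terms#">'
             "<spdx:specVersion>SPDX-2.3</spdx:specVersion></rdf:RDF>",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, detect_sbom_format(text))
```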
Process
Register an SBOM or folder of SBOMs with RapidFort. Each SBOM is uploaded to the RapidFort platform, and the packages and vulnerabilities reports are generated. The reports may be viewed in the UI.
Upload SBOMs to the RapidFort platform.
rfsbom process <sbom_file_or_folder>
Create a new SBOM project and add SBOMs.
rfsbom process <sbom_file_or_folder> --project-name <project_name>
Create a new project with a caption and add SBOMs.
rfsbom process <sbom_file_or_folder> --project-name <project_name> --project-caption <project_caption>
Add SBOMs to an existing project.
rfsbom process <sbom_file_or_folder> -p <project_id>
Add SBOMs to an existing project and update the project caption.
rfsbom process <sbom_file_or_folder> --project-caption <project_caption> -p <project_id>