Man page - debsbom-generate(1)

Packages contas this manual

Package: debsbom
apt-get install debsbom

Manuals in package:

Documentations in package:

debsbom

Manual

DEBSBOM-GENERATE(1)

debsbom

DEBSBOM-GENERATE(1)

NAME

debsbom-generate - debsbom generate command

SYNOPSIS

debsbom generate [-h] [-o OUT] [--distro-name DISTRO_NAME]


                 [--distro-supplier DISTRO_SUPPLIER]


                 [--distro-version DISTRO_VERSION]


                 [--base-distro-vendor {debian,ubuntu}]


                 [--cdx-standard {default,standard-bom}]


                 [--spdx-namespace SPDX_NAMESPACE]


                 [--cdx-serialnumber CDX_SERIALNUMBER] [--timestamp TIMESTAMP]


                 [--add-meta-data key=value] [--validate] [-t {cdx,spdx}]


                 [-r ROOT] [--from-pkglist] [--distro-arch DISTRO_ARCH]


                 [--with-licenses]

DESCRIPTION

Generate a sbom for a debian system

The command creates comprehensive SBOMs that include all installed software packages and their dependencies. This command can be executed in an air-gapped environment.

OPTIONS

Named Arguments

-o='sbom', --out='sbom': filename for output (default: 'sbom'). Use '-' to write to stdout
--distro-name='Debian': distro name (default: 'Debian')
--distro-supplier: supplier for the root component
--distro-version: version for the root component
--base-distro-vendor='debian': vendor of debian distribution (debian or ubuntu)
Possible choices: debian, ubuntu
--cdx-standard='default': generate SBOM according to this spec (only for CDX)
Possible choices: default, standard-bom
--spdx-namespace: document namespace, must be a valid URI (only for SPDX)
--cdx-serialnumber: document serial number, must be a UUID in 8-4-4-4-12 format (only for CDX)
--timestamp: document timestamp in ISO 8601 format
--add-meta-data: add arbitrary metadata properties to the SBOM
--validate=False: validate generated SBOM (only for SPDX)
-t, --sbom-type: SBOM type to generate, can be passed multiple times (default: all)
Possible choices: cdx, spdx
-r='/', --root='/': root directory to look for dpkg status file and apt cache
--from-pkglist=False: create SBOM from a package list passed via stdin
--distro-arch='auto': native dpkg architecture of the distro ('auto')
--with-licenses=False: parse and include license information

DEBSBOM

Part of the debsbom(1) suite.

AUTHOR

Christoph Steiger, Felix Moessbauer

COPYRIGHT

2025, Siemens

March 24, 2026