Man page - debsbom-generate(1)

Packages contains this manual

Package:  debsbom
apt-get install debsbom

Manuals in package:
• debsbom-decisions(1)
• debsbom-filter(1)
• debsbom-merge(1)
• debsbom(1)
• debsbom-source-merge(1)
• debsbom-export(1)
• debsbom-repack(1)
• debsbom-delta(1)
• debsbom-trace-path(1)
• debsbom-download(1)
• debsbom-generate(1)
Documentations in package:
• debsbom

Manual

DEBSBOM-GENERATE

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
SEE ALSO
DEBSBOM
AUTHOR
COPYRIGHT

---

NAME

debsbom-generate - debsbom generate command

SYNOPSIS

debsbom generate [-h] [-o OUT] [--distro-name DISTRO_NAME]
[--distro-supplier DISTRO_SUPPLIER]
[--distro-version DISTRO_VERSION]
[--base-distro-vendor {debian,ubuntu}]
[--cdx-standard {default,standard-bom}]
[--spdx-namespace SPDX_NAMESPACE]
[--cdx-serialnumber CDX_SERIALNUMBER] [--timestamp TIMESTAMP]
[--add-meta-data key=value] [--validate] [-t {cdx,spdx}]
[-r ROOT] [--from-pkglist] [--distro-arch DISTRO_ARCH]
[--with-licenses]

DESCRIPTION

Generate a sbom for a debian system

The command creates comprehensive SBOMs that include all installed software packages and their dependencies. This command can be executed in an air-gapped environment.

OPTIONS

Named Arguments
-o='sbom' , --out='sbom'

filename for output (default: 'sbom'). Use '-' to write to stdout

--distro-name='Debian'

distro name (default: 'Debian')

--distro-supplier

supplier for the root component

--distro-version

version for the root component

--base-distro-vendor='debian'

vendor of debian distribution (debian or ubuntu)

Possible choices: debian, ubuntu

--cdx-standard='default'

generate SBOM according to this spec (only for CDX)

Possible choices: default, standard-bom

--spdx-namespace

document namespace, must be a valid URI (only for SPDX)

--cdx-serialnumber

document serial number, must be a UUID in 8-4-4-4-12 format (only for CDX)

--timestamp

document timestamp in ISO 8601 format

--add-meta-data

add arbitrary metadata properties to the SBOM

--validate=False

validate generated SBOM (only for SPDX)

-t , --sbom-type

SBOM type to generate, can be passed multiple times (default: all)

Possible choices: cdx, spdx

-r='/' , --root='/'

root directory to look for dpkg status file and apt cache

--from-pkglist=False

create SBOM from a package list passed via stdin

--distro-arch='auto'

native dpkg architecture of the distro ('auto')

--with-licenses=False

parse and include license information

SEE ALSO

debsbom-decisions(1)

DEBSBOM

Part of the debsbom(1) suite.

AUTHOR

Christoph Steiger, Felix Moessbauer

COPYRIGHT

2025, Siemens

---