Available on winget

Install CycloneDX Generator (cdxgen)

A polyglot tool and a library for generating various Bill of Materials in CycloneDX specification.

Install with winget
winget install --id CycloneDX.cdxgen
Upgrade
winget upgrade --id CycloneDX.cdxgen
Uninstall
winget uninstall --id CycloneDX.cdxgen

About CycloneDX Generator (cdxgen)

Generate Software Bill of Materials (SBOM) for most applications and container images with a single command. Generate Operations Bill of Materials (OBOM) for Linux and Windows hosts. Integrate with any CI/CD pipeline. Automatically submit the generated BOM to your dependency track server for analysis.

What's new in 12.4.1

Optimise SEA binaries.

What's Changed

🤖 AI-auto Changes
- fix: profile standalone binary dependencies by @prabhu in #4053

Full Changelog: v12.4.0...v12.4.1

Version history

Version Updated Notes
12.4.1 Unknown Optimise SEA binaries. What's Changed 🤖 AI-auto Changes - fix: profile standalone binary dependencies by @prabhu in #4053 Full Changelog: v12.4.0...v12.4.1
12.4.0 Unknown What's Changed 🤖 AI-auto Changes - Enhance dry-run mode with symlink, spawn I/O, and archive extraction tracing by @Copilot in #3969 - package visibility, cbom and obom improvements by @prabhu in #4002 - feat: caxa v3 ba...
12.3.3 Unknown This release includes security fixes and some features. What's Changed 🤖 AI-auto Changes - Trim non-runtime files from published npm artifacts, image context, and SEA bundles by @Copilot in #3957 - Add collider.lock supp...
12.3.2 Unknown What's Changed 🤖 AI-auto Changes - Enforce CycloneDX 1.7 TLP validation for sensitive BOM properties by @Copilot in #3954 Full Changelog: v12.3.1...v12.3.2
12.3.1 Unknown cdxgen can now identify the MCP configurations and skills used in your project. It can also predict supply-chain attacks against your cargo dependencies. What's Changed 🤖 AI-auto Changes - Expand Cargo predictive audit c...
12.3.0 Unknown cdxgen v12.3.0 Full changelog: v12.2.1...v12.3.0 v12.3.0 is a big release for cdxgen. It expands the project beyond BOM generation with new capabilities for upstream dependency risk prioritisation, SPDX conversion/export...
12.2.1 Unknown This release focuses on Node.js dependency accuracy, server-side submission hardening, and CI/build maintenance. lang:node #3920 added WASM and WASI detection in the JS analyzer with test coverage updates. #3924 fixed np...
12.2.0 Unknown > The beginning of the cycle where the AI agents write more code than humans. cdxgen continues to lose weight. We have removed more dependencies such as sqlite3 and jws by rewriting code to make use of native Node module...
12.1.5 Unknown What's Changed Breaking Changes 🛠 - Couple of security fixes. Update jdk versions by @prabhu in #3808 - Audit npmrc config files and NODE_OPTIONS for code execution risks. by @prabhu in #3815 - Improve python venv detect...
12.1.4 Unknown What's Changed Breaking Changes 🛠 - Do not try to build sqlite3 for deno by @prabhu in #3801 Other Changes - typescript 6 by @prabhu in #3802 - Detect npm package name and version spoofing by @prabhu in #3805 Full Change...
12.1.3 Unknown What's Changed Breaking Changes 🛠 - [security] server hardening for safer git clones by @prabhu in #3708 - Do not make pypi calls unless necessary. by @prabhu in #3711 🤖 AI-assisted Changes - Trim sqlite3 prebuilds by @p...
12.1.2 Unknown What's Changed Breaking Changes 🛠 - go 1.24+ support with additional attributes by @prabhu in #3576 🤖 AI-assisted Changes - fix(cmake): skip empty dependency() names when parsing Meson files by @SergioChan in #3682 - fix...
12.1.1 Unknown What's Changed 🏗️ Build System - [musl binaries] Switch to 'official unofficial' nodejs builds URL by @malice00 in #3513 Other Changes - Add arguments to prevent trivy telemetry and version check (#3499) by @atwupack in...
12.1.0 Unknown Known limitations Container images will get published only under the ghcr.io/cdxgen namespace. We are working on an approach to mirror the images to the CycloneDX namespace ghcr.io/cyclonedx but have no ETA for now. What...
12.0.0 Unknown What's Changed 🧪 Testing - Bandersnatch removed swift by @malice00 in #2974 🏗️ Build System - Using version-file for nvm version by @malice00 in #2657 - Changes for nvm where not added in this image by @malice00 in #2663...
11.11.0 Unknown What's Changed Breaking Changes 🛠 - yarn workspace improvements by @prabhu in #2504 🏗️ Build System - [build] Run workflow when unit-tests change by @malice00 in #2498 - [build] Added a version-file for node v25 by @mali...
11.10.0 Unknown What's Changed 🏗️ Build System - MacOS 13 is being phased out by @malice00 in #2391 - Run java11 on hosted runner by @malice00 in #2493 📦 Dependency Updates - chore(deps): update opensuse/tumbleweed:latest docker digest...
11.9.0 Unknown What's Changed 🏗️ Build System - Tumbleweed replaced java24 with 25 by @malice00 in #2396 - OpenSuse removed java24 and updated to 25 by @malice00 in #2397 - Using version-files to configure tool-versions in images by @m...
11.8.0 Unknown What's Changed Breaking Changes 🛠 - pin direct dependencies + simplify pnpm install steps by @prabhu in #2260 - In source arborist with ESM conversion by @prabhu in #2274 🐛 Bug Fixes - Re-added php and ruby to the binary...
11.7.0 Unknown What's Changed 🤖 AI-assisted Changes - ipv6 and chinese characters support in iri strings by @prabhu in #2184 - Handle recursion errors while constructing the pip dependency tree by @prabhu in #2224 🏗️ Build System - [bu...