Release Notes
Added
- The target platform for which the SBOM is generated is now recorded, in accodrance with the CycloneDX taxonomy we've contributed upstream ([#762])
Install cargo-cyclonedx 0.5.6
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.6/cargo-cyclonedx-installer.sh | shInstall prebuilt binaries via powershell script
powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.6/cargo-cyclonedx-installer.ps1 | iex"Download cargo-cyclonedx 0.5.6
| File | Platform | Checksum |
|---|---|---|
| cargo-cyclonedx-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| cargo-cyclonedx-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| cargo-cyclonedx-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
| cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
| cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargoYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>