README in Russian here.
This is a port of the existing CycloneDX Ruby Gem to Rust. The reason for its appearance is the extremely slow performance of the CycloneDX Ruby Gem (it polls rubygems.org synchronously in one thread, while you need to make hundreds of requests to generate a bom-file for an average Rails-project).
- Install
Rust
$ brew install rustor follow instruction on official website.
- Clone this repository
$ git clone [email protected]:EvgeniyRRU/cyclonedx-rs-gem.git && cd cyclonedx-rs-gem
- Build and install application
$ make install
$ cyclonedx-rs-gem [options]
-p, --path <PATH> - path to the folder containing Gemfile.lock. If not specified, the current folder is used
-o, --output <OUTPUT> - path to the folder where the bom file will be recorded. If omitted, it will be the same folder where Gemfile.lock is located.
-f, --format-file <FORMAT_FILE> [default: json] [possible values: xml, json] - output file format
-v, --verbose - should to print additional information
-n, --nexus-url <NEXUS_URL> - url local Nexus repository for check if package exists in local Nexus
-h, --help Print help
-V, --version Print version
As a result of successful operation, bom.json or bom.xml will be generated in the specified directory.
Examples
Just generate bom file:
$ cyclonedx-rs-gem -p /Users/ruby/myrailsprojectGenerate bom file and check if all packages exists in local Nexus repository:
$ cyclonedx-rs-gem -p /Users/ruby/myrailsproject --nexus-url='https://somecorpnexus.com'