CLI Usage

Run the CLI

Run the CLI to create the SBOM and upload its contents to the SBOM360 portal. All generated SBOMs are visible on the projects page of the SBOM360 portal. Generating an SBOM can take anywhere from a few seconds to hours. The CLI performs "n"-level metadata collection for each component in your project, its direct dependencies and its transitive dependencies.

Use the following command to generate the SBOM:

./veecli collect --inputfile <input.json> --output <output>
# Run the commands as a regular user
# Go inside the directory where CLI is extracted
ubuntu@ip-a.b.c.d:~$ cd veecli
# Run the CLI using the “input.json” configured in the previous step
ubuntu@ip-a.b.c.d:~$ ./veecli collect --inputfile input.json --outpath output
2022-07-07T14:18:15.584+0300 info Starting data collection
2022-07-07T14:18:16.924+0300 info SBOM created for project acme and version 2.10.5 with project id - ***, sbom id - SPDXRef-DOCUMENT-vdna_*****, sbom job id - SPDXRef-DOCUMENT-vdna_****
..
..
..
2022-07-07T14:18:16.934+0300 info Successfully uploaded archive of collection artifacts – output/acme/acme-SPDXRef-DOCUMENT-vdna_******.tar.gz
2022-07-07T14:18:16.934+0300 info Successfully completed data collection

Ensure that the “output” folder has 100 GB of free space.

Depending on the size of the source and package and the number of dependencies discovered, the CLI may run for a while. It is recommended to run the CLI inside a “screen” or “tmux” session so that an interruption in the user session does not break the CLI run.

The CLI creates a log file in JSON format, named “veelocal.log”, in the current folder.

You can additionally redirect the CLI output to another log file. The recommended command is:

./veecli collect --inputfile input.json --output output 2>&1 | tee output.log

Create input.json

To run the CLI, create an input.json with all the project, source, and package information.

Generating SBOM for a single project (log4j)

{
    "project": "log4j",
    "version": "2.14.1",
    "exclude_test_dependency": true,
    "exclude_optional_dependency": true,
    "use_native_tools": true,
    "inputtype": "github",
    "inputs": [
        {
            "src_info": {
                "srcurl": "https://github.com/apache/logging-log4j2",
                "matchingref": "rel/2.14.1",
                "type": "github"
            },
            "pkg_info": {
                "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"
            }
        }
    ]
}

Generating SBOM for multiple projects (acme)

{
    "project": "acme",
    "version": "2.10.5",
    "exclude_test_dependency": true,
    "exclude_optional_dependency": true,
    "use_native_tools": true,
    "inputtype": "github",
    "inputs": [
        {
            "src_info": {
                "srcurl": "https://github.com/aradesai/acme-auth-service",
                "matchingref": "main",
                "type": "github"
            },
            "pkg_info": {
                "purl": "pkg:maven/com.acme.auth.service/auth-service@2.10.5"
            }
        },
        {
            "src_info": {
                "srcurl": "https://github.com/aradesai/acme-data-service",
                "matchingref": "main",
                "type": "github"
            },
            "pkg_info": {
                "purl": "pkg:maven/com.acme.data.service/data-service@2.10.5"
            }
        },
        {
            "src_info": {
                "srcurl": "https://github.com/aradesai/acme-caching-service",
                "matchingref": "master",
                "type": "github"
            },
            "pkg_info": {
                "purl": "pkg:maven/com.acme.cache.service/cache-service@2.10.5"
            }
        }
    ]
}
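
A pre-flight check for input.json, added here as an example and not part of veecli or the SBOM360 documentation: because a run can take hours, it flags entries that would tie the SBOM to the wrong source before collection starts. The checks themselves (https source URL, matchingref treated as a git ref, purl version equal to the top-level version) and the sample repositories are assumptions.

```python
import json
import re

# Field names come from the input.json examples on this page. Treating them as
# required, and every check below, is an assumption of this example.
TOP_LEVEL = ("project", "version", "inputtype", "inputs")
# purl shape: pkg:<type>/<namespace>/<name>@<version>
PURL_RE = re.compile(r"^pkg:[a-z0-9.+-]+/[^@?#]+@(?P<version>[^?#]+)")
# Assumption: matchingref names a git ref; these names are branches that move.
MOVING_REFS = {"main", "master", "develop", "HEAD"}

# Constructed sample input (hypothetical repositories and package names).
SAMPLE = """
{"project": "demo", "version": "1.2.0", "inputtype": "github", "inputs": [
  {"src_info": {"srcurl": "https://github.com/example-org/demo-api",
                "matchingref": "v1.2.0", "type": "github"},
   "pkg_info": {"purl": "pkg:maven/org.example.demo/demo-api@1.2.0"}},
  {"src_info": {"srcurl": "http://github.com/example-org/demo-worker",
                "matchingref": "main", "type": "github"},
   "pkg_info": {"purl": "pkg:maven/org.example.demo/demo-worker@1.1.9"}}]}
"""


def check_input(doc):
    """Return a list of findings for a parsed input.json; empty means clean."""
    findings = [f"missing top-level field: {k}" for k in TOP_LEVEL if k not in doc]
    inputs = doc.get("inputs")
    if not isinstance(inputs, list) or not inputs:
        return findings + ["inputs must be a non-empty list"]
    for i, entry in enumerate(inputs):
        src = entry.get("src_info", {})
        purl = entry.get("pkg_info", {}).get("purl", "")
        ref = src.get("matchingref")
        if not src.get("srcurl", "").startswith("https://"):
            findings.append(f"inputs[{i}]: srcurl is not an https URL")
        if ref in MOVING_REFS:
            findings.append(f"inputs[{i}]: matchingref {ref!r} is a moving branch")
        match = PURL_RE.match(purl)
        if match is None:
            findings.append(f"inputs[{i}]: purl missing or unversioned")
        elif match["version"] != doc.get("version"):
            findings.append(f"inputs[{i}]: purl version {match['version']} "
                            f"differs from project version {doc.get('version')}")
    return findings


if __name__ == "__main__":
    for finding in check_input(json.loads(SAMPLE)):
        print(finding)
```

Run against the two examples above, the log4j input produces no findings, while the acme input produces one moving-branch finding per entry because its matchingref values are “main” and “master”.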
