{"id":425,"date":"2026-02-03T18:47:39","date_gmt":"2026-02-03T10:47:39","guid":{"rendered":"https:\/\/qkd.koudaipc.com\/?p=425"},"modified":"2026-02-03T18:48:05","modified_gmt":"2026-02-03T10:48:05","slug":"cyclonedx-sbom%e5%b7%a5%e5%85%b7%e5%8f%8ajson%e8%bd%accsv%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/ns1.koudaipc.com\/en\/2026\/02\/03\/cyclonedx-sbom%e5%b7%a5%e5%85%b7%e5%8f%8ajson%e8%bd%accsv%e6%96%b9%e6%b3%95\/","title":{"rendered":"CycloneDX SBOM\u5de5\u5177\u53caJSON\u8f6cCSV\u65b9\u6cd5"},"content":{"rendered":"<p>\u5904\u7406CycloneDX SBOM\u6587\u4ef6\u7684\u5de5\u5177\u9009\u62e9\u5f88\u591a\uff0c\u6838\u5fc3\u5de5\u5177\u662f <strong>CycloneDX CLI<\/strong>\uff0c\u5b83\u53ef\u4ee5\u76f4\u63a5\u5c06JSON\u683c\u5f0f\u7684SBOM\u8f6c\u6362\u4e3aCSV\u3002<\/p>\n<p>\u4e3a\u4e86\u65b9\u4fbf\u4f60\u5feb\u901f\u9009\u62e9\uff0c\u6211\u5c06\u4e3b\u8981\u7684\u5de5\u5177\u5206\u7c7b\u6574\u7406\u5982\u4e0b\uff1a<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">\u5de5\u5177\u7c7b\u522b<\/th>\n<th style=\"text-align: left;\">\u5de5\u5177\u540d\u79f0<\/th>\n<th style=\"text-align: left;\">\u4e3b\u8981\u529f\u80fd<\/th>\n<th style=\"text-align: left;\">\u662f\u5426\u652f\u6301 JSON \u8f6c CSV<\/th>\n<th style=\"text-align: left;\">\u4e3b\u8981\u7279\u70b9<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>\u5b98\u65b9\u6838\u5fc3CLI\u5de5\u5177<\/strong><\/td>\n<td style=\"text-align: left;\"><strong>CycloneDX CLI<\/strong><\/td>\n<td style=\"text-align: left;\">SBOM\u5206\u6790\u3001<strong>\u683c\u5f0f\u8f6c\u6362<\/strong>\u3001\u5408\u5e76\u3001\u5dee\u5f02\u6bd4\u8f83\u3001\u7b7e\u540d\/\u9a8c\u8bc1<\/td>\n<td style=\"text-align: left;\"><strong>\u652f\u6301<\/strong><\/td>\n<td style=\"text-align: left;\">\u5b98\u65b9\u51fa\u54c1\uff0c\u529f\u80fd\u5168\u9762\uff0c\u4e13\u4e3a\u81ea\u52a8\u5316\u6d41\u7a0b\u8bbe\u8ba1<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: 
left;\"><strong>SBOM\u751f\u6210\u5668<\/strong><\/td>\n<td style=\"text-align: left;\"><strong>cdxgen<\/strong> (<code>@cyclonedx\/cdxgen<\/code>)<\/td>\n<td style=\"text-align: left;\">\u4e3a\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u548c\u5bb9\u5668\u955c\u50cf\u751f\u6210 CycloneDX SBOM<\/td>\n<td style=\"text-align: left;\">\u4e0d\u652f\u6301\uff08\u6838\u5fc3\u662f\u751f\u6210\uff09<\/td>\n<td style=\"text-align: left;\">\u652f\u6301\u8bed\u8a00\/\u5e73\u53f0\u6781\u5e7f\uff0c\u53ef\u6df1\u5ea6\u5206\u6790\u9879\u76ee\u4f9d\u8d56<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>\u5546\u4e1a\/\u5728\u7ebf\u5e73\u53f0<\/strong><\/td>\n<td style=\"text-align: left;\">OpenText Core SCA\u3001CodeScoring<\/td>\n<td style=\"text-align: left;\">\u4f9d\u8d56\u9879\u626b\u63cf\u3001\u6f0f\u6d1e\u5206\u6790\u3001SBOM\u751f\u6210\u4e0e\u5bfc\u51fa<\/td>\n<td style=\"text-align: left;\">\u90e8\u5206\u652f\u6301\uff08\u5982CodeScoring\u53ef\u5bfc\u51faCSV\u62a5\u544a\uff09<\/td>\n<td style=\"text-align: left;\">\u63d0\u4f9b\u53ef\u89c6\u5316\u754c\u9762\u548c\u4e00\u7ad9\u5f0f\u5b89\u5168\u5206\u6790<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>\u96c6\u6210\u5316\u5de5\u5177\u96c6<\/strong><\/td>\n<td style=\"text-align: left;\"><strong>sbom-utilities-pipe<\/strong> (Docker\u955c\u50cf)<\/td>\n<td style=\"text-align: left;\">\u96c6\u6210\u6f0f\u6d1e\u626b\u63cf\u3001SBOM\u8d28\u91cf\u8bc4\u5206\u7b49\u591a\u79cd\u5206\u6790\u5de5\u5177<\/td>\n<td style=\"text-align: left;\">\u4e0d\u786e\u5b9a\uff08\u96c6\u6210\u4e86\u591a\u79cd\u5de5\u5177\uff09<\/td>\n<td style=\"text-align: left;\">\u5f00\u7bb1\u5373\u7528\uff0c\u9002\u5408\u96c6\u6210\u5230CI\/CD\u6d41\u6c34\u7ebf\u4e2d<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\ud83d\udd27 \u5982\u4f55\u8fdb\u884cJSON\u5230CSV\u7684\u8f6c\u6362<\/h3>\n<p>\u4f7f\u7528 <strong>CycloneDX CLI<\/strong> \u8f6c\u6362\u683c\u5f0f\u975e\u5e38\u7b80\u5355\uff0c\u5176 <code>convert<\/code> 
\u547d\u4ee4\u652f\u6301\u5728\u591a\u79cd\u683c\u5f0f\u95f4\u4e92\u8f6c\u3002<\/p>\n<p><strong>\u57fa\u672c\u8f6c\u6362\u547d\u4ee4\uff1a<\/strong><\/p>\n<pre><code class=\"language-bash\">cyclonedx convert --input-file sbom.json --output-file sbom.csv --input-format json --output-format csv<\/code><\/pre>\n<p><strong>\u4f7f\u7528\u7ba1\u9053 (Pipe)\uff1a<\/strong><br \/>\n\u4f60\u4e5f\u53ef\u4ee5\u5229\u7528\u5176\u652f\u6301\u6807\u51c6\u8f93\u5165\/\u8f93\u51fa\u7684\u7279\u6027\uff0c\u901a\u8fc7\u7ba1\u9053\u7ec4\u5408\u547d\u4ee4\uff1a<\/p>\n<pre><code class=\"language-bash\">cat sbom.json | cyclonedx convert --input-format json --output-format csv &gt; sbom.csv<\/code><\/pre>\n<p><strong>\u5173\u4e8eCSV\u683c\u5f0f\u7684\u8bf4\u660e\uff1a<\/strong><br \/>\n\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0cCSV\u662fSBOM\u7684\u7b80\u5316\u8868\u793a\uff0c\u4e3b\u8981\u5305\u542b\u7ec4\u4ef6\u5217\u8868\u3002\u901a\u5e38\uff0c<code>name<\/code>\uff08\u540d\u79f0\uff09\u548c <code>version<\/code>\uff08\u7248\u672c\uff09\u662f\u5fc5\u586b\u5b57\u6bb5\uff0c\u5176\u4ed6\u5b57\u6bb5\u53ef\u4ee5\u4e3a\u7a7a\u6216\u7701\u7565\u3002\u56e0\u6b64CSV\u4e0d\u80fd\u66ff\u4ee3\u539f\u59cbSBOM\uff0c\u5efa\u8bae\u540c\u65f6\u4fdd\u7559\u539f\u59cbJSON\u6587\u4ef6\u3002<\/p>\n<h3>\ud83d\udcdd \u5176\u4ed6\u5e38\u89c1\u5904\u7406\u9700\u6c42\u5de5\u5177\u63a8\u8350<\/h3>\n<p>\u9664\u4e86\u683c\u5f0f\u8f6c\u6362\uff0c\u4f60\u53ef\u80fd\u8fd8\u6709\u5176\u4ed6\u9700\u6c42\uff0c\u4ee5\u4e0b\u5de5\u5177\u53ef\u4f9b\u53c2\u8003\uff1a<\/p>\n<ul>\n<li><strong>\u751f\u6210SBOM<\/strong>\uff1a\u9664\u4e86\u8868\u683c\u4e2d\u7684<code>cdxgen<\/code>\uff0c\u5404\u8bed\u8a00\u751f\u6001\u4e5f\u6709\u4e13\u7528\u5de5\u5177\uff0c\u4f8b\u5982C++\u7684<code>cyclonedx-conan<\/code>\u3002<\/li>\n<li><strong>\u5206\u6790\u3001\u5408\u5e76\u3001\u9a8c\u8bc1SBOM<\/strong>\uff1a<strong>CycloneDX CLI<\/strong> \u7684 
<code>analyze<\/code>\uff08\u5206\u6790\uff09\u3001<code>merge<\/code>\uff08\u5408\u5e76\uff09\u3001<code>validate<\/code>\uff08\u9a8c\u8bc1\uff09\u547d\u4ee4\u53ef\u4ee5\u6ee1\u8db3\u8fd9\u4e9b\u9700\u6c42\u3002<\/li>\n<li><strong>\u626b\u63cfSBOM\u4e2d\u7684\u6f0f\u6d1e<\/strong>\uff1a\u53ef\u4ee5\u5c1d\u8bd5 <code>sbom-utilities-pipe<\/code> \u955c\u50cf\u4e2d\u96c6\u6210\u7684 <strong>bomber<\/strong>\u3001<strong>grype<\/strong>\u3001<strong>osv-scanner<\/strong> \u7b49\u5de5\u5177\u3002<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>\u5904\u7406CycloneDX SBOM\u6587\u4ef6\u7684\u5de5\u5177\u9009\u62e9\u5f88\u591a\uff0c\u6838\u5fc3\u5de5\u5177\u662f CycloneDX CLI\uff0c\u5b83\u53ef\u4ee5\u76f4\u63a5\u5c06JSO [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[26],"tags":[],"class_list":["post-425","post","type-post","status-publish","format-standard","hentry","category-foss","pmpro-has-access"],"_links":{"self":[{"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/posts\/425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/comments?post=425"}],"version-history":[{"count":2,"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/posts\/425\/revisions"}],"predecessor-version":[{"id":427,"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/posts\/425\/revisions\/427"}],"wp:attachment":[{"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/media?parent=425"}],"wp:term":[{"taxonomy":"category","em
beddable":true,"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/categories?post=425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ns1.koudaipc.com\/en\/wp-json\/wp\/v2\/tags?post=425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}