sbom


Generate a CycloneDX SBOM for the repository via `git-pkgs sbom`. Stored verbatim on the scan.

By alpha-omega-security. Updated 6/4/2026

name: sbom
description: Generate a CycloneDX SBOM for the repository via git-pkgs sbom. Stored verbatim on the scan.
license: MIT
compatibility: Requires the git-pkgs CLI on PATH.
metadata:
  scrutineer.model: mid
  scrutineer.version: 1
  scrutineer.output_file: report.json
  scrutineer.output_kind: freeform
  scrutineer.paths:
    - ""
  scrutineer.ignore_paths:
    - "/node_modules/"
    - "/dist/"
    - "/generated/"
    - "/generated/"
    - "/.min.js"
    - "**/.min.css"


sbom

Workspace

  • ./src — the cloned repository
  • ./scripts/generate.sh — the wrapper script
  • ./report.json — write the SBOM here

Available scripts

  • scripts/generate.sh — runs git-pkgs sbom --format json inside ./src and emits the CycloneDX JSON document to stdout.

What to do

bash scripts/generate.sh > ./report.json

If the script exits non-zero, write {"error": "<stderr message>"} to ./report.json so the failure is visible on the scan page.

The output is consumed as freeform (stored verbatim; no post-processing) so the CycloneDX document is preserved exactly as git-pkgs produced it.
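
An added example, not part of the scrutineer repository: a wrapper for the step above that stages the script's output so a failed run leaves only the error object in the report, and JSON-escapes stderr before embedding it. The function names `json_escape` and `write_report` and the fallback message for empty stderr are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not scrutineer's own code).

# Turn arbitrary stderr text into the body of a JSON string:
# tabs and CRs become spaces, other control bytes are dropped,
# backslashes and quotes are escaped, newlines become the two chars \n.
json_escape() {
  tr '\t\r' '  ' | tr -d '\000-\010\013-\037' |
    sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' |
    awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 }'
}

# write_report SCRIPT OUT
# Runs SCRIPT with bash. On success OUT receives stdout byte for byte
# (the SBOM is stored verbatim). On failure OUT receives {"error": "..."}
# and the script's exit status is returned to the caller.
write_report() {
  script=$1
  out=$2
  tmp_out=$(mktemp) || return 1
  tmp_err=$(mktemp) || { rm -f "$tmp_out"; return 1; }

  if bash "$script" >"$tmp_out" 2>"$tmp_err"; then
    rc=0
    cat "$tmp_out" >"$out"      # no partial SBOM can reach OUT
  else
    rc=$?
    msg=$(json_escape <"$tmp_err")
    # Assumption: when stderr is empty, report the exit status instead.
    [ -n "$msg" ] || msg="script exited with status $rc"
    printf '{"error": "%s"}\n' "$msg" >"$out"
  fi

  rm -f "$tmp_out" "$tmp_err"
  return "$rc"
}

# Usage, from the workspace root:
#   write_report scripts/generate.sh ./report.json
```
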

Install via CLI
npx skills add https://github.com/alpha-omega-security/scrutineer --skill sbom
Repository Details

  • Stars: 60
  • Forks: 18
  • Branch: main
  • Path: SKILL.md