Use the Lacework CLI to Generate an SBOM
SBOM functionality is currently in beta for select Lacework customers. Contact your Lacework Representative for more information.
To output a Software Bill of Materials (SBOM) with the Lacework CLI, run the SCA component and pass the -o flag with the name of the file to write, for example -o sbom.json:
lacework sca scan . -o sbom.json
After the scan completes, a summary of findings is printed in the CLI. The summary covers the repository analyzed and a breakdown of vulnerabilities by severity (e.g. HIGH severity: 3). For details, such as the specific vulnerabilities found, open the sbom.json file written to your current directory.
Specify the SBOM Format
You can also specify the SBOM format with the -f flag. Current support includes:
| Format | Value for -f |
|---|---|
| SARIF | sarif |
| CycloneDX | cdx-xml, cdx-json |
| SPDX | spdx-json, spdx-tag, spdx-yaml |
| Lacework (default) | lw-json |
| GitLab | gitlab-json |
For example, to generate a CycloneDX JSON SBOM file, run:
lacework sca scan . -o sbom.json -f cdx-json
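Once the scan has written a CycloneDX JSON file, the next step most teams take is to parse it in CI rather than read it by hand. The script below is an added example and is not part of this page or of the Lacework CLI. It assumes the CycloneDX 1.4 JSON layout (top-level "components" and "vulnerabilities" arrays, each vulnerability carrying "ratings[].severity" and "affects[].ref"); it does not invoke the lacework binary itself. The embedded sample document is constructed for illustration only: its package names and vulnerability ids are placeholders, not real components or advisories.

```python
"""Summarize a CycloneDX JSON SBOM such as the one written by
`lacework sca scan . -o sbom.json -f cdx-json`, and gate on severity.

Added example, not Lacework's own code. Assumes the CycloneDX 1.4 JSON shape.
"""
import json
import sys
from collections import Counter

# CycloneDX severity vocabulary, most severe first.
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info", "none", "unknown"]

# Constructed sample in the CycloneDX 1.4 JSON shape. Package names and
# vulnerability ids are placeholders, not real packages or real advisories.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
        {"type": "library", "name": "example-parser", "version": "1.2.0",
         "purl": "pkg:npm/example-parser@1.2.0", "bom-ref": "pkg:npm/example-parser@1.2.0"},
        {"type": "library", "name": "example-http", "version": "0.9.1",
         "purl": "pkg:npm/example-http@0.9.1", "bom-ref": "pkg:npm/example-http@0.9.1"},
        {"type": "library", "name": "example-utils", "version": "3.0.0",
         "purl": "pkg:npm/example-utils@3.0.0", "bom-ref": "pkg:npm/example-utils@3.0.0"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:npm/example-parser@1.2.0"}]},
        # Two ratings from different sources; the summary keeps the worse one.
        {"id": "EXAMPLE-0002", "ratings": [{"severity": "medium"}, {"severity": "high"}],
         "affects": [{"ref": "pkg:npm/example-http@0.9.1"}]},
        {"id": "EXAMPLE-0003", "ratings": [{"severity": "low"}],
         "affects": [{"ref": "pkg:npm/example-http@0.9.1"}]},
    ],
}


def _rank(severity):
    """Position in SEVERITY_ORDER; anything outside the vocabulary counts as unknown."""
    sev = (severity or "unknown").lower()
    return SEVERITY_ORDER.index(sev if sev in SEVERITY_ORDER else "unknown")


def load_sbom(path):
    """Load a CycloneDX JSON file and refuse anything that is not CycloneDX."""
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError(f"{path}: bomFormat is {doc.get('bomFormat')!r}, expected 'CycloneDX'")
    return doc


def worst_severity(vuln):
    """A vulnerability may carry several ratings; return the most severe one."""
    ranks = [_rank(r.get("severity")) for r in vuln.get("ratings", [])]
    return SEVERITY_ORDER[min(ranks)] if ranks else "unknown"


def summarize(doc):
    """Component count, vulnerability count per severity, and affected component refs."""
    vulns = doc.get("vulnerabilities", [])
    by_sev = Counter(worst_severity(v) for v in vulns)
    affected = {a["ref"] for v in vulns for a in v.get("affects", []) if "ref" in a}
    return {
        "components": len(doc.get("components", [])),
        "by_severity": {s.upper(): n for s, n in by_sev.items()},
        "affected_refs": sorted(affected),
    }


def exceeds_threshold(doc, threshold="high"):
    """True if any vulnerability is rated at or above `threshold` (a CI gate)."""
    limit = _rank(threshold)
    return any(_rank(worst_severity(v)) <= limit for v in doc.get("vulnerabilities", []))


if __name__ == "__main__":
    # Usage: python sbom_summary.py [sbom.json]; with no argument, use the sample.
    sbom = load_sbom(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SBOM
    report = summarize(sbom)
    print(f"components: {report['components']}")
    for sev, count in sorted(report["by_severity"].items(), key=lambda kv: _rank(kv[0])):
        print(f"{sev} severity: {count}")
    print("affected:", ", ".join(report["affected_refs"]) or "none")
    sys.exit(1 if exceeds_threshold(sbom, "high") else 0)
```

Run it as `python sbom_summary.py sbom.json` after `lacework sca scan . -o sbom.json -f cdx-json`; the non-zero exit at HIGH or above is what lets a pipeline step fail on the SBOM rather than on a human reading it. The bomFormat check matters because the same -o path accepts every format in the table above, and a pipeline that silently parses an SPDX or SARIF file as CycloneDX will report zero vulnerabilities.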