Supported Formats

SCANOSS-PY supports the following SBOM formats:
  • CycloneDX - Industry standard for software supply chain component analysis
  • SPDX Lite - Lightweight variant of the Software Package Data Exchange standard
  • Plain JSON - Raw SCANOSS scan results
  • CSV - Tabular format for spreadsheet analysis

Generating SBOMs

CycloneDX

Generate a CycloneDX-compliant SBOM:
scanoss-py scan --format cyclonedx -o sbom.cdx.json /path/to/folder

SPDX Lite

Generate an SPDX Lite-compliant SBOM:
scanoss-py scan --format spdxlite -o sbom.spdx.json /path/to/folder

Plain JSON

Generate raw SCANOSS results in JSON format:
scanoss-py scan --format plain -o results.json /path/to/folder

CSV Report

Generate a CSV report for analysis in spreadsheet applications:
scanoss-py scan --format csv -o results.csv /path/to/folder

Converting Existing Scans

If you already have scan results, convert them to an SBOM or report format without rescanning:
# Convert to CycloneDX
scanoss-py convert --input results.json --format cyclonedx --output scan-results-cyclonedx.cdx.json

# Convert to SPDX Lite
scanoss-py convert --input results.json --format spdxlite --output scan-results-spdxlite.json

# Convert to GitLab Code Quality Report
scanoss-py convert --input results.json --format glc-codequality --output gl-code-quality-report.json
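
A CycloneDX file written by the scan or convert commands above can be checked before it is published or used to gate a build. The following is an added example, not part of SCANOSS-PY or its documentation; the sample document is constructed in CycloneDX JSON shape, and the function names and the denied-license list are assumptions to adapt to local policy.

```python
import json

# Constructed sample in CycloneDX JSON shape (not real scanoss-py output).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-lib", "version": "1.2.0",
         "purl": "pkg:github/example-org/example-lib@1.2.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "copyleft-lib", "version": "0.9",
         "purl": "pkg:github/example-org/copyleft-lib@0.9",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "mystery-lib", "version": "0.1", "licenses": []},
    ],
})


def component_licenses(component):
    """Return license ids, names or expressions declared for one component."""
    found = []
    for entry in component.get("licenses") or []:
        lic = entry.get("license") or {}
        value = lic.get("id") or lic.get("name") or entry.get("expression")
        if value:
            found.append(value)
    return found


# The default deny list is an assumption for illustration, not a SCANOSS setting.
def audit_sbom(text, denied=frozenset({"GPL-3.0-only", "AGPL-3.0-only"})):
    """Return (component, problem) findings for a CycloneDX JSON SBOM."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    findings = []
    for comp in bom.get("components") or []:
        name = comp.get("name", "<unnamed>")
        if not comp.get("purl"):
            findings.append((name, "missing purl"))
        licenses = component_licenses(comp)
        if not licenses:
            findings.append((name, "no license declared"))
        findings.extend((name, f"denied license {lic_id}")
                        for lic_id in licenses if lic_id in denied)
    return findings


if __name__ == "__main__":
    for name, problem in audit_sbom(SAMPLE_SBOM):
        print(f"{name}: {problem}")
```

To check a real file, pass the contents of sbom.cdx.json to audit_sbom and fail the pipeline when the returned list is not empty.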