renovate-to-sbom to convert Renovate data to Software Bill of Materials (SBOMs)
One thing I considered early on in the dependency-management-data project was generating Software Bill of Materials (SBOMs) from Renovate's data, so it could be consumed by other tools.
Although I've since added support for consuming SBOMs in dependency-management-data, I find it interesting to be able to take existing data forms and convert them to a more standardised form. I'm not actually sure if it will be super useful to anyone, but it was fun to build, and has been interesting writing SBOMs as well as just consuming them.
As part of the v0.52.0 release of dependency-management-data, we can install the
go install dmd.tanna.dev/cmd/renovate-to-sbom@latest
Then we can use the CLI to take exports from
renovate-to-sbom 'renovate/*.json' --out-format spdx2.3+json
Or we can take debug logs from Renovate:
renovate-to-sbom 'debug.log' --out-format cyclonedx1.5+json
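A sanity check that could be run on the SBOM produced by either command above, added here as an example and not part of dependency-management-data: it detects whether a JSON document is CycloneDX or SPDX and lists the entries that lack a version or a package URL (purl). The `Inspect` function, the `entry` type and both sample documents are constructed for illustration; only the standard CycloneDX and SPDX JSON field names are assumed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample documents, not output captured from renovate-to-sbom.
const sampleCycloneDX = `{"bomFormat":"CycloneDX","specVersion":"1.5","components":[{"name":"left-pad","version":""},
 {"name":"github.com/spf13/cobra","version":"v1.8.0","purl":"pkg:golang/github.com/spf13/cobra@v1.8.0"}]}`
const sampleSPDX = `{"spdxVersion":"SPDX-2.3","packages":[
 {"name":"lodash","versionInfo":"4.17.21","externalRefs":[{"referenceType":"purl","referenceLocator":"pkg:npm/lodash@4.17.21"}]},
 {"name":"internal-lib","versionInfo":"1.2.3"}]}`

// entry holds the fields read from a CycloneDX component or an SPDX package.
type entry struct {
	Name, Version, VersionInfo, Purl string
	ExternalRefs                     []struct{ ReferenceType, ReferenceLocator string }
}

// Inspect returns the format, entry count, and names of entries lacking a version or purl.
func Inspect(doc []byte) (format string, total int, incomplete []string, err error) {
	var s struct {
		BomFormat, SpecVersion, SpdxVersion string
		Components, Packages                []entry
	}
	if err = json.Unmarshal(doc, &s); err != nil {
		return "", 0, nil, err
	}
	format, entries := "cyclonedx"+s.SpecVersion, s.Components
	if s.SpdxVersion != "" {
		format, entries = s.SpdxVersion, s.Packages
	} else if s.BomFormat != "CycloneDX" {
		return "", 0, nil, fmt.Errorf("not a CycloneDX or SPDX JSON document")
	}
	for _, e := range entries {
		purl := e.Purl
		for _, r := range e.ExternalRefs { // SPDX carries the purl as an external reference
			if r.ReferenceType == "purl" {
				purl = r.ReferenceLocator
			}
		}
		if e.Version+e.VersionInfo == "" || purl == "" {
			incomplete = append(incomplete, e.Name)
		}
	}
	return format, len(entries), incomplete, nil
}

func main() { fmt.Println(Inspect([]byte(sampleSPDX))) }
```

Entries without a purl or version are the ones downstream vulnerability scanners are least likely to match, so they are worth reviewing before the SBOM is handed to other tools.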