cargo-cyclonedx
Description:
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
Type: Formula  |  Latest Version: 0.5.7@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Developer tools
Tags: rust sbom cyclonedx security compliance cargo
Install: brew install cargo-cyclonedx
About:
cargo-cyclonedx is a command-line utility that generates CycloneDX Software Bill of Materials (SBOM) documents directly from Rust Cargo projects. It analyzes your project's dependency tree to produce standardized JSON or XML output, helping you meet security compliance and supply chain transparency requirements.
Key Features:
  • Parses Cargo.lock to accurately map dependency graphs
  • Outputs standard CycloneDX formats (JSON, XML)
  • Integrates into CI/CD pipelines for automated SBOM generation
  • Supports custom metadata injection for build provenance
Use Cases:
  • Generating SBOMs for software supply chain security compliance
  • Auditing dependency licenses and vulnerabilities in Rust projects
  • Automating artifact metadata generation in CI/CD workflows
Alternatives:
  • cargo-about – Focuses on license aggregation rather than SBOM generation
  • syft – Scans container images but can also detect Rust binaries
License: Apache-2.0
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, arm64_ventura, sonoma, ventura, arm64_linux, x86_64_linux
Version History
Detected Version Rev Change Commit
Sep 12, 2025 5:56pm 0 VERSION_BUMP 3c565377