This tutorial illustrates how to produce an SBOM from Erlang projects using the Rebar3_Sbom plugin.
- Erlang 25
- Rebar3
Navigate to your Erlang project.
Copy and paste:
{plugins, [rebar3_sbom]}.
into your rebar.config file.
Then run:
rebar3 sbom
A bom.xml should appear in your directory.
- Ensure that you have at least Erlang version 25; lower versions do not work and result in crashes.
- The only output format available appears to be XML. However, this output can be converted to JSON.
- This generator may create SBOMs with flawed serial numbers, rendering the SBOM invalid.
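A check for the serial-number problem noted above, as an added example that is not part of the Rebar3_Sbom project or of the original tutorial: it tests the serialNumber attribute of a generated bom.xml against the pattern in the CycloneDX schema and replaces an invalid value with a fresh UUID. The sample document, its 1.4 namespace and the function names are constructed for illustration.

```python
import re
import uuid
import xml.etree.ElementTree as ET

# serialNumber pattern from the CycloneDX schema: "urn:uuid:" plus a lowercase RFC 4122 UUID.
SERIAL_RE = re.compile(
    r"^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
)

# Constructed sample (not real plugin output): version nibble 0 and variant c are out of range.
SAMPLE_BOM = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1"\n'
    '     serialNumber="urn:uuid:6f1c2a9e-3b7d-0e4f-c1a2-9d8e7f6a5b4c">\n'
    '  <components/>\n'
    '</bom>\n'
)


def check_serial(xml_text):
    """Return (serial, is_valid) for a CycloneDX XML document held in a string."""
    root = ET.fromstring(xml_text)
    if root.tag.rpartition("}")[2] != "bom":
        raise ValueError("root element is not a CycloneDX <bom>")
    serial = root.get("serialNumber")
    # A missing serialNumber is reported as not valid so that it gets one assigned.
    return serial, bool(serial and SERIAL_RE.match(serial))


def repair_serial(xml_text):
    """Return the document unchanged if its serial is valid, else with a new random UUID."""
    _, ok = check_serial(xml_text)
    if ok:
        return xml_text
    root = ET.fromstring(xml_text)
    ns = root.tag[1:].partition("}")[0] if root.tag.startswith("{") else ""
    if ns:
        ET.register_namespace("", ns)  # keep xmlns as the default namespace on output
    root.set("serialNumber", uuid.uuid4().urn)  # e.g. urn:uuid:xxxxxxxx-xxxx-4xxx-...
    return ET.tostring(root, encoding="unicode")  # the XML declaration is not re-emitted


if __name__ == "__main__":
    print(check_serial(SAMPLE_BOM))
    print(check_serial(repair_serial(SAMPLE_BOM)))
```

To run it against a real file, read bom.xml as text and pass the contents to check_serial before handing the SBOM to any downstream consumer.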
This section illustrates a CycloneDX XML SBOM, from the Rebar3_Sbom codebase, created via Rebar3_Sbom.