This tutorial illustrates how to produce an SBOM from Erlang projects using the Rebar3_Sbom plugin.
- Erlang 25
- Rebar3
Navigate to your Erlang project.
Copy and paste:
{plugins, [rebar3_sbom]}.
into your rebar.config file.
Then run:
rebar3 sbom
A bom.xml should appear in your directory.
- Ensure that you have at least Erlang version 25; lower versions do not work and result in crashes.
- The only output format available appears to be XML. However, this output can be converted to JSON.
- This generator may create SBOMs with flawed serial numbers, rendering the SBOM invalid.
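
A check for the serial-number problem noted above, as an added example that is not part of the original tutorial or of the rebar3_sbom project. It tests the serialNumber attribute of the generated BOM against the urn:uuid:<UUID> form that CycloneDX serial numbers take and can substitute a fresh UUID when the check fails; the function names and the sample BOM are constructed for illustration.

```python
import re
import sys
import uuid
import xml.etree.ElementTree as ET
from typing import Optional, Tuple, Union

# Serial number form checked here: "urn:uuid:" followed by a lowercase UUID.
SERIAL_RE = re.compile(
    r"urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)

# Constructed sample (not real plugin output): last UUID group is one digit short.
SAMPLE_BAD = (
    '<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1" '
    'serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b7">'
    "<components/></bom>"
)


def check_serial(bom_xml: Union[str, bytes]) -> Tuple[bool, Optional[str]]:
    """Return (is_valid, serial) for the serialNumber attribute of the <bom> root."""
    serial = ET.fromstring(bom_xml).get("serialNumber")
    return (serial is not None and SERIAL_RE.fullmatch(serial) is not None, serial)


def repair_serial(bom_xml: str) -> str:
    """Return the BOM unchanged if its serial is valid, else with a fresh serial."""
    if check_serial(bom_xml)[0]:
        return bom_xml
    root = ET.fromstring(bom_xml)
    # Keep the document's namespace as the default one when re-serialising,
    # otherwise ElementTree would rewrite every tag with an "ns0:" prefix.
    if root.tag.startswith("{"):
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    root.set("serialNumber", f"urn:uuid:{uuid.uuid4()}")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Usage: python check_bom.py bom.xml  (exit status 1 fails a CI step)
    path = sys.argv[1] if len(sys.argv) > 1 else "bom.xml"
    with open(path, "rb") as fh:
        ok, serial = check_serial(fh.read())
    print(f"{path}: serialNumber={serial!r} valid={ok}")
    sys.exit(0 if ok else 1)
```

Run the check right after rebar3 sbom and before the BOM is uploaded or converted, since a repaired file carries a new serial number.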