合并cyclonedx格式的bom文件

1.工具下载

https://github.com/CycloneDX/cyclonedx-cli/releases

2.操作记录

Usage:
cyclonedx [options] [command]
Options:
--version Show version information
-?, -h, --help Show help and usage information
Commands:
add Add information to a BOM (currently supports files)
analyze Analyze a BOM file
convert Convert between different BOM formats
diff <from-file> <to-file> Generate a BOM diff
keygen Generates an RSA public/private key pair for BOM
signing
merge Merge two or more BOMs
sign Sign a BOM or file
validate Validate a BOM
verify Verify signatures in a BOM

合并操作：

合并操作
______ __ ____ _ __ ________ ____
/ ____/_ _______/ /___ ____ ___ / __ \ |/ / / ____/ / / _/
/ / / / / / ___/ / __ \/ __ \/ _ \/ / / / / / / / / / /
/ /___/ /_/ / /__/ / /_/ / / / / __/ /_/ / | / /___/ /____/ /
\____/\__, /\___/_/\____/_/ /_/\___/_____/_/|_| \____/_____/___/
/____/
Usage:
cyclonedx [options] [command]
Options:
--version Show version information
-?, -h, --help Show help and usage information
Commands:
add Add information to a BOM (currently supports files)
analyze Analyze a BOM file
convert Convert between different BOM formats
diff <from-file> <to-file> Generate a BOM diff
keygen Generates an RSA public/private key pair for BOM
signing
merge Merge two or more BOMs
sign Sign a BOM or file
validate Validate a BOM
verify Verify signatures in a BOM
merge:
Merge two or more BOMs
Usage:
cyclonedx merge [options]
Options:
--input-files <input-files> Input BOM filenames (separate
filenames with a space).
--output-file <output-file> Output BOM filename, will
write to stdout if no value provided.
--input-format <autodetect|json|protobuf|xml> Specify input file format.
--output-format <autodetect|json|protobuf|xml> Specify output file format.
--hierarchical Perform a hierarchical merge.
--group <group> Provide the group of software
the merged BOM describes.
--name <name> Provide the name of software
the merged BOM describes (required for hierarchical merging).
--version <version> Provide the version of
software the merged BOM describes (required for hierarchical merging).

#合并两个xml
cyclonedx-cli merge --input-files sbom1.xml sbom2.xml --output-file bom.xml
# 合并两个json
cyclonedx-cli merge --input-files sbom1.json sbom2.json --output-file bom.json

实际操作：
Windows下载“cyclonedx-win-x64.exe”
执行：

cyclonedx-win-x64.exe merge --input-files file1.xml file.xml --output-file bom.xml
cyclonedx-win-x64.exe merge --input-files file1.json file2.json --output-file bom3.json

linux 下载“cyclonedx-linux-x64”

./cyclonedx-linux-x64 merge --input-files file1.xml file.xml --output-file bom.xml
./cyclonedx-linux-x64 merge --input-files file.json file2.json --output-file bom.json

执行结果：

Processing input file file1.xml
    Contains 154 components
Processing input file file.xml
    Contains 44 components
Writing output file...
    Total 198 components