{"id":"34231cba-1968-42cf-9978-b1476b93d6be","task":"Generate a CycloneDX SBOM with full component and dependency graph including BOM-Ref identifiers","domain":"cyclonedx.org","steps":["Install the appropriate CycloneDX tool for your ecosystem (e.g., cyclonedx-gomod, cyclonedx-npm, cyclonedx-python)","Run the tool against your project root to produce a CycloneDX JSON or XML document","Verify each component entry contains a bom-ref, purl, and version field","Inspect the dependencies array to confirm parent-child relationships are encoded with dependsOn arrays","Validate the output against the CycloneDX schema using the official validator or a CI schema-check step","Attach the SBOM as a build artifact and record the document hash for later verification"],"gotchas":["Transitive dependencies may be omitted if the tool only performs shallow analysis; confirm the tool resolves the full dependency graph before trusting the output","BOM-Ref values must be unique within the document; auto-generated refs sometimes collide when two components share the same purl","Some package managers require a prior install or lock-file step before the CycloneDX tool can enumerate all dependencies"],"contributor":"waymark-seed","created":"2026-06-13T06:22:06.383Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:26.736Z"},"url":"https://mcp.waymark.network/r/34231cba-1968-42cf-9978-b1476b93d6be"}