SBOM Enrichment

ca9 can enrich CycloneDX or SPDX JSON with reachability verdicts.

ca9 enrich-sbom sbom.json --repo . --coverage coverage.json -o sbom.ca9.json

Use this when you already produce SBOMs and want reachability evidence attached to the inventory.

Typical workflow

cyclonedx-py environment -o sbom.json
coverage run -m pytest
coverage json -o coverage.json
ca9 enrich-sbom sbom.json --repo . --coverage coverage.json -o sbom.ca9.json

The enriched output keeps the original SBOM structure and adds ca9 reachability metadata where supported.
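
A check you can run after the enrichment step to confirm that every entry of the original SBOM is still present and unchanged in identity before the enriched file is published. This is an added example, not part of ca9; the page does not document the metadata layout, so the sample data is constructed and the property name "example:reachability" is a placeholder, not ca9's actual key.

```python
import copy, json, sys

ID_FIELDS = ("name", "version", "purl", "versionInfo")  # identity fields that must not change

def inventory(doc):
    """Map each CycloneDX component or SPDX package to a stable identifier."""
    if doc.get("bomFormat") == "CycloneDX":
        return {c.get("bom-ref") or c.get("purl") or f"{c['name']}@{c.get('version')}": c
                for c in doc.get("components", [])}
    if "spdxVersion" in doc:
        return {p["SPDXID"]: p for p in doc.get("packages", [])}
    raise ValueError("not a CycloneDX or SPDX JSON document")

def compare(original, enriched):
    """Classify every original entry as missing, altered, or enriched in the output."""
    after = inventory(enriched)
    report = {"missing": [], "altered": [], "enriched": []}
    for ident, old in inventory(original).items():
        new = after.get(ident)
        if new is None:
            report["missing"].append(ident)
        elif any(old.get(f) != new.get(f) for f in ID_FIELDS):
            report["altered"].append(ident)
        elif new != old:
            report["enriched"].append(ident)
    return report

# Constructed sample data; "example:reachability" is a placeholder, not ca9's real key.
ORIGINAL = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "bom-ref": "pkg:pypi/requests@2.31.0", "name": "requests",
     "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "bom-ref": "pkg:pypi/idna@3.6", "name": "idna",
     "version": "3.6", "purl": "pkg:pypi/idna@3.6"}]}
ENRICHED = copy.deepcopy(ORIGINAL)
ENRICHED["components"][0]["properties"] = [{"name": "example:reachability", "value": "reachable"}]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py sbom.json sbom.ca9.json
        docs = [json.load(open(p, encoding="utf-8")) for p in sys.argv[1:]]
    else:
        docs = [ORIGINAL, ENRICHED]
    result = compare(*docs)
    print(json.dumps(result, indent=2))
    sys.exit(1 if result["missing"] or result["altered"] else 0)
```

Run with the two file paths as arguments; a non-zero exit means an entry was dropped or its name, version or purl changed.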