> For the complete documentation index, see [llms.txt](https://docs.interlynk.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.interlynk.io/lynkctl/generate.md).

# Generating SBOMs

`lynkctl generate` reads a project's build system or its package-manager descriptors and emits a CycloneDX 1.6+ or SPDX 3.0+ (Experimental) SBOM. Build providers inspect C/C++ project metadata without executing the build; manifest providers read package-manager descriptors directly.

```bash
lynkctl generate [DIR] [flags]
```

`DIR` is the project root and defaults to the current directory.

***

## Provider Selection

By default lynkctl auto-detects the provider from root-level signals. If **multiple** provider signals are present at the root, detection is ambiguous and lynkctl asks you to choose with `--provider`.

### Build providers

| `--provider` | Build system                   |
| ------------ | ------------------------------ |
| `gnu-make`   | GNU Make                       |
| `cmake`      | CMake                          |
| `iar`        | IAR Embedded Workbench for Arm |

### Manifest providers

| `--provider` | Ecosystem                               |
| ------------ | --------------------------------------- |
| `npm`        | JavaScript / npm                        |
| `yarn`       | JavaScript (alias for the npm provider) |
| `python`     | Python                                  |
| `go`         | Go modules                              |
| `cargo`      | Rust / Cargo                            |
| `gem`        | Ruby / RubyGems                         |
| `php`        | PHP / Composer                          |
| `nuget`      | .NET / NuGet                            |
| `dotnet`     | .NET (alias for the NuGet provider)     |
| `csharp`     | .NET (alias for the NuGet provider)     |
| `maven`      | Java / Maven                            |
| `gradle`     | Java / Gradle                           |

`--provider auto` (the default) detects any of the above. See the [Overview](/lynkctl/lynkctl.md#supported-ecosystems) for the files each provider is detected from.

For step-by-step walkthroughs, see the How-To guides:

* [GNU Make Projects](/lynkctl/how-to-guides/gnu-make.md)
* [CMake Projects](/lynkctl/how-to-guides/cmake.md)
* [IAR Embedded Workbench Firmware](/lynkctl/how-to-guides/iar.md)
* [Package Manifest Projects](/lynkctl/how-to-guides/package-manifests.md)

## Quick Examples

```bash
# Auto-detect, SBOM to stdout
lynkctl generate ./myproject

# Write to a file
lynkctl generate ./myproject -o sbom.cdx.json

# Force a specific provider
lynkctl generate ./myproject --provider go -o sbom.cdx.json

# Fail the build on any warning (CI gate)
lynkctl generate ./myproject --strict -o sbom.cdx.json
```

## Flag Reference

Every command supports `--output`, `--quiet`, `--verbose`, and `--strict` — see [Overview](/lynkctl/lynkctl.md#flags-available-on-every-command). The most common `generate` flags:

| Flag             | Description                                                                                            |
| ---------------- | ------------------------------------------------------------------------------------------------------ |
| `--provider`     | Choose the build system or manifest provider (default `auto`).                                         |
| `--evidence`     | Include evidence for how each field was determined. See [Evidence & Confidence](/lynkctl/evidence.md). |
| `--reproducible` | Produce deterministic output. See [Reproducible SBOMs](/lynkctl/how-to-guides/reproducible.md).        |
| `--overrides`    | Apply manual component corrections from a YAML file. See [Manual Overrides](#manual-overrides).        |
| `--no-enrich`    | Skip enrichment; emit only build-system or manifest extraction.                                        |

Provider-specific flags — such as `--cmake-build-dir`, `--iar-config`, and `--make-target` — are covered in the How-To guide for each build system. Run `lynkctl generate --help` for the complete flag reference.

## Manual Overrides

`--overrides` points at a YAML file. Each entry matches a component by name **or** by source-file path glob, and replaces its fields. Overrides resolve at confidence 1.0 and always win over auto-detected values. Empty fields are left untouched. An entry that matches no component emits an `OVERRIDE_NO_MATCH` diagnostic.

```yaml
overrides:
  - name: openssl              # exact match on detected component name
    version: 3.0.12
    license: Apache-2.0
    link_type: static          # static | dynamic
  - path: third_party/zlib/**  # glob match against component source files
    name: zlib                 # rename the matched component
    version: 1.3
    license: Zlib
```

## Next Steps

* Understand what lynkctl emitted: [Evidence & Confidence](/lynkctl/evidence.md)
* Read the warnings and errors in a run: [Diagnostics & Exit Codes](/lynkctl/diagnostics.md)
* Wire lynkctl into a pipeline: [Running in CI/CD](/lynkctl/how-to-guides/ci-cd.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.interlynk.io/lynkctl/generate.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.