CMake Projects

This guide covers generating an SBOM for a C/C++ project built with CMake.

Prerequisites

lynkctl installed — see Installation
CMake 3.14 or newer
A configured build tree

lynkctl reads the CMake File API replies, not CMakeLists.txt directly. The project must already be configured so those replies exist.

Step 1 — Configure the Build Tree

Run CMake configure once to produce a build directory:

cmake -S ./app -B ./app/build -DCMAKE_BUILD_TYPE=Release

This populates ./app/build/.cmake/api/v1/reply/ with the File API replies lynkctl needs. No compilation happens at this step beyond CMake's own configure work.

Step 2 — Generate the SBOM

lynkctl generate ./app \
  --provider cmake \
  --cmake-build-dir ./app/build \
  -o app.cdx.json

Multi-Config Generators

For multi-config generators such as Ninja Multi-Config or Visual Studio, name the configuration with --cmake-config:

lynkctl generate ./app \
  --provider cmake \
  --cmake-build-dir ./app/build \
  --cmake-config Release \
  -o app.cdx.json

If multiple configurations exist and you omit --cmake-config, lynkctl reports CMAKE_MULTI_CONFIG_AMBIGUOUS.

Container and Host Path Differences

When the build tree was configured inside a container but lynkctl runs on the host (or vice versa), absolute paths in the File API replies will not resolve. Rewrite them with --cmake-path-prefix-map, which is repeatable as FROM=TO:

lynkctl generate ./app \
  --provider cmake \
  --cmake-build-dir ./app/build \
  --cmake-path-prefix-map /work=/home/ci/app \
  -o app.cdx.json

Projects in a Larger Repository

DIR doubles as the source and VCS root that lynkctl uses for git enrichment. When the CMake project is a subdirectory of a larger repository, point --project-root at the repository root so git-derived metadata resolves correctly:

lynkctl generate ./repo/app \
  --provider cmake \
  --cmake-build-dir ./repo/app/build \
  --project-root ./repo \
  -o app.cdx.json

--project-root defaults to DIR and is shared by every provider.

Missing File API Replies

If the build directory exists but the File API replies are missing, lynkctl (with the default --cmake-query=true) writes File API query stamps and asks you to rerun CMake configure. Run the configure command from Step 1 again, then retry generate.

Troubleshooting

If a run reports warnings or errors, rerun with -v to see the individual diagnostics and their suggested actions. See Diagnostics & Exit Codes for severity levels, exit codes, and strict mode. For help interpreting a specific diagnostic, contact Interlynk.

PreviousGNU Make Projects NextIAR Embedded Workbench Firmware

Last updated 20 days ago