sbom-tool

Generate software bill of materials for code artifacts and dependencies.


About

A scalable, enterprise-ready tool for creating SBOMs for a wide variety of artifacts.

Commands

sbom-tool

Examples

Create a software bill of materials for a folder:
$ sbom-tool generate -b . -bc . -pn MyProject -pv 1.0.0 -ps MyCompany

Generate an SBOM for a Docker container image:
$ sbom-tool generate -b . -bc . -pn ContainerApp -pv latest -ps MyOrg -di myregistry.azurecr.io/myimage:latest

Output the SBOM in JSON format instead of XML:
$ sbom-tool generate -b . -bc . -pn MyApp -pv 1.0.0 -ps MyCompany -o json

Validate an existing SBOM file for correctness:
$ sbom-tool validate -i sbom.spdx.json

Scan npm dependencies and list components:
$ sbom-tool generate -b . -bc . -pn WebApp -pv 1.0.0 -ps MyTeam -m packages