spdx-sbom-generator

SPDX Software Bill of Materials (SBOM) Generator

The spdx-sbom-generator tool helps those in the community that want to generate SPDX Software Bill of Materials (SBOMs) with current package managers. It has a command line Interface (CLI) that lets you generate SBOM information, including components, licenses, copyrights, and security references of your software using SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. It automatically determines which package managers or build systems are actually being used by the software. spdx-sbom-generator is supporting the following (bundling) package managers: * GoMod (go) * Cargo (Rust) * Composer (PHP) * DotNet (.NET) * Maven (Java) * NPM (Node.js) * Yarn (Node.js) * PIP (Python) * Pipenv (Python) * Gems (Ruby) * Swift Package Manager (Swift)