FatBOM

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

Installation

Download the latest release archive from Github Releases for your os and arch.

Example

curl -L  -o fatbom.tar.gz  https://github.com/sbs2001/fatbom/releases/download/v0.0.1/fatbom_0.0.1_Linux_x86_64.tar.gz
sudo tar xvf fatbom.tar.gz -C /usr/local/bin/ fatbom

Usage

fatbom -s /path/to/scan

This command will create 2 files

merged_sbom.json : It's a standard JSON SPDX SBOM, made by combining output of all SBOM tools.
semi_merged_sbom.json. It contains SBOM generated by each tool.

Example SBOMs

SBOM for last release
Semi Merged SBOM for last release

Tools Used

microsoft/sbom-tool
kubernetes-sigs/bom
opensbom-generator/spdx-sbom-generator
anchore/syft

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

FatBOM

Installation

Usage

Example SBOMs

Tools Used

Files

README.md

Latest commit

History

README.md

File metadata and controls

FatBOM

Installation

Usage

Example SBOMs

Tools Used