Skip to content
/ fatbom Public

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

License

MIT license
32 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

VexStore/fatbom

BranchesTags

Repository files navigation

FatBOM

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

asciicast

Installation

Download the latest release archive from Github Releases for your os and arch.

Example

curl -L  -o fatbom.tar.gz  https://github.com/sbs2001/fatbom/releases/download/v0.0.1/fatbom_0.0.1_Linux_x86_64.tar.gz
sudo tar xvf fatbom.tar.gz -C /usr/local/bin/ fatbom

Usage

fatbom -s /path/to/scan

This command will create 2 files

  • merged_sbom.json : It's a standard JSON SPDX SBOM, made by combining output of all SBOM tools.
  • semi_merged_sbom.json. It contains SBOM generated by each tool.

Example SBOMs

Tools Used

About

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

Topics

supply-chain cpe purl sbom

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

32 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 2

v0.0.2 Latest
Oct 24, 2022
+ 1 release

Packages

No packages published

Languages