Skip to content

VexStore/fatbom

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits

.github/workflows

.github/workflows

 
 

.gitignore

.gitignore

 
 

.goreleaser.yaml

.goreleaser.yaml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

bomtool_string.go

bomtool_string.go

 
 

format.go

format.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

mergers.go

mergers.go

 
 

types.go

types.go

 
 

Repository files navigation

FatBOM

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

asciicast

Installation

Download the latest release archive from Github Releases for your os and arch.

Example

curl -L  -o fatbom.tar.gz  https://github.com/sbs2001/fatbom/releases/download/v0.0.1/fatbom_0.0.1_Linux_x86_64.tar.gz
sudo tar xvf fatbom.tar.gz -C /usr/local/bin/ fatbom

Usage

fatbom -s /path/to/scan

This command will create 2 files

  • merged_sbom.json : It's a standard JSON SPDX SBOM, made by combining output of all SBOM tools.
  • semi_merged_sbom.json. It contains SBOM generated by each tool.

Example SBOMs

Tools Used

About

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

Topics

supply-chain cpe purl sbom

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

32 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 2

v0.0.2 Latest
Oct 24, 2022
+ 1 release

Packages

No packages published

Languages