An Intro to SBOMs

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • sbom-tool

    The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

  • I use them. With the Microsoft SBOM tool[0] I generate an SBOM (which is unfortunately missing license information) and then feed it to Google OSV scanner to check for vulnerabilities. Not unlike GitHub Advanced Security does.

    [0]: https://github.com/microsoft/sbom-tool

  • osv-scanner

    Vulnerability scanner written in Go which uses the data provided by https://osv.dev

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
