Ask HN: Open-source SBOM generation tools?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  • gobom

    An extensible CycloneDX BOM generator and Dependency-Track API client written in Go

  • We weren't happy with what was already out there, so we built our own -- https://github.com/mattermost/gobom

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  • Currently the best one I know of is https://github.com/anchore/syft. It finds most dependencies even within built artifacts.

    You can also check out the comments in https://news.ycombinator.com/item?id=32104805 - the release announcement of Salus (Microsoft)
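The tools above all emit or consume CycloneDX documents, and Dependency-Track ingests them. As an added example (not code from the thread, from syft, gobom or Dependency-Track), the Python below parses a constructed CycloneDX JSON SBOM of the shape those generators produce, separates components that carry a package URL from ones a scanner could name but not identify, diffs two SBOMs of the same artifact, and builds the request body for Dependency-Track's `PUT /api/v1/bom` upload. The SBOM contents, the `demo-service` name and the all-zero project UUID are placeholders; the endpoint and field names are from Dependency-Track's REST API and should be checked against your server's own API listing.

```python
import base64
import json

# Constructed sample: a minimal CycloneDX 1.5 JSON document of the shape syft
# and gobom emit. The components are illustrative, not output captured from
# either tool or from any real build.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {"type": "application", "name": "demo-service", "version": "1.2.3"}
    },
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        # A vendored file the generator could name but not map to a package.
        {"type": "library", "name": "vendored-helper", "version": "0.1"},
    ],
})


def load_cyclonedx(text):
    """Parse a CycloneDX JSON document and reject anything that is not one.

    Only the fields the rest of this script relies on are checked; full schema
    validation is a job for the CycloneDX JSON schema or for Dependency-Track.
    """
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    if "specVersion" not in doc or not isinstance(doc.get("components"), list):
        raise ValueError("missing specVersion or components list")
    return doc


def component_purls(doc):
    """Split components into matchable purls and unidentified entries.

    A component without a purl cannot be matched against a vulnerability
    database, so a consumer should see those listed rather than silently
    treating the SBOM as complete.
    """
    with_purl, without_purl = [], []
    for comp in doc["components"]:
        purl = comp.get("purl")
        if purl:
            with_purl.append(purl)
        else:
            without_purl.append(f"{comp.get('name')}@{comp.get('version')}")
    return sorted(with_purl), without_purl


def purl_diff(old_doc, new_doc):
    """Return (added, removed) purls between two SBOMs of the same artifact."""
    old = set(component_purls(old_doc)[0])
    new = set(component_purls(new_doc)[0])
    return sorted(new - old), sorted(old - new)


def dependency_track_payload(text, project_uuid):
    """Build the request body for Dependency-Track's BOM upload endpoint.

    Dependency-Track's REST API takes a PUT to /api/v1/bom with a JSON body
    holding the target project UUID and the BOM base64-encoded, authenticated
    with an X-Api-Key header. Verify the field names against your server's
    own API documentation; the HTTP call itself is not made here.
    """
    load_cyclonedx(text)  # fail locally rather than with a server-side 400
    return {
        "project": project_uuid,
        "bom": base64.b64encode(text.encode("utf-8")).decode("ascii"),
    }


if __name__ == "__main__":
    doc = load_cyclonedx(SAMPLE_SBOM)
    purls, unidentified = component_purls(doc)
    print("purls:", purls)
    print("unidentified:", unidentified)
    # Placeholder UUID; a real value comes from the Dependency-Track project page.
    payload = dependency_track_payload(SAMPLE_SBOM, "00000000-0000-0000-0000-000000000000")
    print("upload body keys:", sorted(payload))
```

Running it against a real `syft -o cyclonedx-json` file instead of `SAMPLE_SBOM` gives a quick view of how many components a scan actually left without a purl, which is the number to watch before trusting a vulnerability report built on that SBOM.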
