Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/VexStore/fatbom

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.
https://github.com/VexStore/fatbom

cpe purl sbom supply-chain

Last synced: 29 days ago
JSON representation

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

Host: GitHub
URL: https://github.com/VexStore/fatbom
Owner: VexStore
License: mit
Created: 2022-08-29T16:13:09.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2022-10-24T12:12:30.000Z (about 2 years ago)
Last Synced: 2024-11-02T16:03:47.976Z (about 1 month ago)
Topics: cpe, purl, sbom, supply-chain
Language: Go
Homepage:
Size: 134 KB
Stars: 32
Watchers: 2
Forks: 0
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-software-supply-chain-security - sbs2001/fatbom: fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

README

        # FatBOM 

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

[![asciicast](https://asciinema.org/a/sLRr4qfMbG9iHBejSohGH09nX.svg)](https://asciinema.org/a/sLRr4qfMbG9iHBejSohGH09nX)

# Installation

Download the latest release archive from [Github Releases](!https://github.com/sbs2001/fatbom/releases) for your os and arch.

Example

```bash

curl -L  -o fatbom.tar.gz  https://github.com/sbs2001/fatbom/releases/download/v0.0.1/fatbom_0.0.1_Linux_x86_64.tar.gz

sudo tar xvf fatbom.tar.gz -C /usr/local/bin/ fatbom

```

# Usage 

```

fatbom -s /path/to/scan

```

This command will create 2 files

- `merged_sbom.json` : It's  a standard JSON SPDX SBOM, made by combining output of all SBOM tools.

- `semi_merged_sbom.json`. It contains SBOM generated by each tool.

# Example SBOMs

- [SBOM for last release](https://github.com/sbs2001/fatbom/releases/download/v0.0.1/merged_bom.json)

- [Semi Merged SBOM for last release](https://github.com/sbs2001/fatbom/releases/download/v0.0.1/semi_merged_bom.json)

# Tools Used

- [microsoft/sbom-tool](https://github.com/microsoft/sbom-tool)

- [kubernetes-sigs/bom](https://github.com/kubernetes-sigs/bom)

- [opensbom-generator/spdx-sbom-generator](https://github.com/opensbom-generator/spdx-sbom-generator)

- [anchore/syft](https://github.com/anchore/syft)