3

Is there any tool through which we can generate an SBOM report (SPDX / CycloneDX) for Windows programs?

There are many tools available which can scan Linux OS packages and application packages (e.g. Java, Maven, .NET), like Trivy, Syft, WhiteSource, but it looks like there is no tool available which can generate an SBOM report for the applications installed on Microsoft Windows.

Please suggest.

Thanks, Abdul Mohsin


1 Answer

3

You can try Microsoft sbom-tool: https://github.com/microsoft/sbom-tool

Microsoft provides a tool with which you can generate an SBOM, based on the Microsoft GitHub NuGet package: https://github.com/orgs/microsoft/packages?repo_name=sbom-tool

This tool supports projects that have a .NET project which can ingest packages from nuget.org or only projects that target .NET 6 or higher are supported,
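
For the "applications installed on Windows" case in the question, the following is an added example, not part of the answer above and not code from microsoft/sbom-tool: a PowerShell script that inventories installed programs and writes a minimal CycloneDX 1.5 JSON document. It assumes the registry Uninstall keys are an acceptable inventory source and uses a hypothetical output file name; software that does not register there (portable executables, Store/MSIX packages) is not captured.

```powershell
# Added example: build a minimal CycloneDX 1.5 SBOM from the Windows
# "Uninstall" registry keys. $OutFile is a hypothetical default name.
param(
    [string]$OutFile = '.\installed-software.cdx.json'
)

# Per-machine (64-bit and 32-bit registry views) and per-user entries.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Entries without a DisplayName are usually patches or installer stubs.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object DisplayName, DisplayVersion -Unique

# Map each registry entry to a CycloneDX component. Only "type" and "name"
# are required; version and publisher are added when the installer set them.
$components = @(foreach ($e in $entries) {
    $c = [ordered]@{
        type = 'application'
        name = ([string]$e.DisplayName).Trim()
    }
    if ($e.DisplayVersion) { $c.version   = [string]$e.DisplayVersion }
    if ($e.Publisher)      { $c.publisher = [string]$e.Publisher }
    $c
})

$bom = [ordered]@{
    bomFormat    = 'CycloneDX'
    specVersion  = '1.5'
    serialNumber = "urn:uuid:$([guid]::NewGuid())"
    version      = 1
    metadata     = [ordered]@{
        timestamp = (Get-Date).ToUniversalTime().ToString('s') + 'Z'
    }
    components   = $components
}

# Windows PowerShell 5.1 writes a UTF-8 byte-order mark with -Encoding UTF8;
# strip it if a downstream JSON parser rejects it.
$bom | ConvertTo-Json -Depth 5 | Set-Content -Path $OutFile -Encoding UTF8
Write-Output "Wrote $($components.Count) components to $OutFile"
```

The registry values are whatever each installer wrote, so names and versions are not normalized and carry no package URL or hash; treat the result as an inventory to reconcile, not as a vendor-supplied SBOM.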