sbom-tool
The SBOM tool is a highly scalable and enterprise-ready tool to create SPDX 2.2-compatible SBOMs for any variety of artifacts.
https://www.nuget.org/packages?q=Microsoft.componentDetection
The package is used in the Microsoft.Sbom.Api project inside the Bindings.cs file
Mark Russinovich (Azure CTO) tried the tool and found a minor doc bug where “sbom-tool” is missing in this sample command line:  He also faced the following error when...
e.g. sbom-tool -v
1. run command: .\sbom-tool-win-x64.exe generate -b $filepath -bc $codepath -pn alicedemo -pv 1.0.0 -ps Alice -nsb https://alicedemo.com -m $manifestpath 2. To generate the file: $manifestpath\_manifest\spdx_2.2\manifest.spdx.json 3. run validate command: .\sbom-tool-win-x64.exe...
Add examples and documentation to elaborate exactly how Dockerfile detection works and what the customers should expect to see in the final SBOM about the Dockerfile packages.
Hi! I would like to ask for help to understand how the `sbom-tool` works for Rust code. We in the [Kubewarden team](https://github.com/kubewarden) are evaluating the use of `sbom-tool` to generate the...
As I found, sbom-tool uses [component-detection](https://github.com/microsoft/component-detection) to scan for components and dependencies, which supports both requirements.txt and poetry.lock. But when I scanned the project with poetry.lock, it didn't work, regardless...
Hiya, I'm running the tool with `-V Error` and still getting output tagged `[INFO]`. My guess is that you're missing an `[ArgShortcut("V")]` attribute from [CommonArgs.cs](https://github.com/microsoft/sbom-tool/blob/main/src/Microsoft.Sbom.Api/Config/Args/CommonArgs.cs#L20)?
Validating SBOM with ValidateSignature passed generates the following warning: ##[warning]ValidateSignature switch is true, but couldn't find a sign validator for the current OS, skipping validation. Couldn't find any indications in...