bom
Description:
Utility to generate SPDX-compliant Bill of Materials manifests
Type: Formula  |  Latest Version: 0.7.1@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: spdx sbom security compliance kubernetes devops
Install: brew install bom
About:
The Bill of Materials (bom) tool generates SPDX-compliant manifests for software artifacts. It inspects container images, file systems, and other inputs to create a comprehensive inventory of components and dependencies. This enables organizations to improve software supply chain security and license compliance.
Key Features:
  • Generates SPDX 2.2 and 2.3 compliant documents
  • Supports container images and filesystem directory scanning
  • Automatically detects and packages Go modules
  • Integrates with CI/CD pipelines for automated SBOM generation
Use Cases:
  • Generating SBOMs for container images before deployment
  • Software supply chain security and compliance auditing
  • Vulnerability tracking through component inventory
Alternatives:
  • syft – Another popular SBOM generator with broader language support; bom is Kubernetes-native
  • spdx-tools – General SPDX toolkit; bom provides more automated, container-focused workflows
Version History
Detected Version Rev Change Commit
Oct 9, 2025 11:03am 0 VERSION_BUMP 108118cd
Sep 26, 2025 8:12am 0 VERSION_BUMP 35488fa0
Sep 25, 2025 1:55pm 0 VERSION_BUMP 8047d425
Sep 12, 2025 7:00pm 0 VERSION_BUMP dd374101