bomber
Description:
Scans Software Bill of Materials for security vulnerabilities
Type: Formula  |  Latest Version: 0.5.1@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: sbom security vulnerability devsecops cli
Install: brew install bomber
About:
Bomber is a command-line utility that scans Software Bill of Materials (SBOMs) to identify known security vulnerabilities. It supports multiple SBOM formats including CycloneDX and SPDX, integrating with vulnerability databases like OSV and NVD. The tool helps developers assess the security posture of their software dependencies early in the supply chain.
Key Features:
  • Multi-format SBOM support (CycloneDX, SPDX)
  • Integration with OSV and NVD vulnerability databases
  • Output formatting options (JSON, table, etc.)
  • CLI tool designed for CI/CD pipelines
Use Cases:
  • Scanning SBOMs generated during the build process for vulnerabilities
  • Auditing third-party software dependencies for known security risks
  • Integrating security checks into DevSecOps workflows
Alternatives:
  • grype – Grype is a widely used scanner that also works directly on container images and filesystems, whereas bomber focuses primarily on SBOM documents.
Version History
Detected Version Rev Change Commit
Oct 10, 2025 2:55am 0 VERSION_BUMP d6f3c6ce
Sep 12, 2025 6:42pm 0 VERSION_BUMP 1d316e5a