awesome-sbom
github.com/awesomesbom/awesome-sbom
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
What's inside
Community Repositories
- AIsbom [Security Tools]
CLI that scans AI models for malware and license risks and generates CycloneDX SBOMs.
- bomber [Security Tools]
bomber is an application that scans SBoMs for security vulnerabilities.
- NTIA Conformance Checker [Security Tools]
Check SPDX SBOM for NTIA minimum elements
- parlay [Security Tools]
Enrich SBOMs with data from third party services
- SBOM-Operator for Kubernetes
- sbom-scorecard [Security Tools]
Generate a score for your sbom to understand if it will actually be useful.
Articles and Blogs
- Analysis of a cyclonedx-gomod generated SBOM
- Analysis of a spdx-sbom-generator generated SBOM
- Are SBOMs Any Good? Preliminary Measurement of the Quality of Open Source Project SBOMs
- Are SBOMs good enough for government work?
- Are you ready with your SBOM ? Think again !
- BOM 101 – All the questions you were afraid to ask Software Bill of Materials
Official projects
- anchore/syft [Repositories]
- AnthonyHarrison Distro2SBOM [Tools (and classification)]
CycloneDX, SPDX
- AnthonyHarrison SBOM2doc [Tools (and classification)]
- AnthonyHarrison SBOM2dot [Tools (and classification)]
- AnthonyHarrison SBOM4Files [Tools (and classification)]
CycloneDX, SPDX
- AnthonyHarrison SBOM4Python [Tools (and classification)]
CycloneDX, SPDX
CycloneDX
Podcasts
Videos
- FOSDEM 2023 - The 7 key ingredients of a great SBOM
- Kubernetes Atlanta Meetup - Nov 2021 - SBOMs Container Signing and Verification, Intro to Gatekeeper
- Mentorship Session: Generating Software Bill Of Materials
- Software Bill of Materials: How to generate an SBOM from container images using Syft
- SwiftBOM - generate SBOMs for PoC efforts and demos
SPDX
Benchmarks
Showing a sample of 93 resources. View the full list on GitHub →