Is there any tool through which we can generate SBOM report ( SPDX / CycloneDX) for Windows programs?

There are many tools available which can scan Linux OS packages and application packages (e.g. Java, Maven, .NET), like Trivy, Syft and WhiteSource, but it looks like there is no tool available which can generate an SBOM report for the applications installed on Microsoft Windows.

Please suggest.

Thanks, Abdul Mohsin

There are 2 best solutions below

Answer 1:

You can try Microsoft sbom-tool https://github.com/microsoft/sbom-tool

Microsoft provides a tool with which you can generate an SBOM, based on the Microsoft GitHub NuGet package https://github.com/orgs/microsoft/packages?repo_name=sbom-tool.

This tool supports projects that have a .NET project which can ingest packages from nuget.org; only projects that target .NET 6 or higher are supported.
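As an added illustration of the sbom-tool suggestion above (example written for this page, not the answerer's or Microsoft's own code), the PowerShell session below downloads the Windows binary, generates an SPDX 2.2 SBOM for a build output folder, and reads the resulting manifest back. The paths `C:\build\drop` and `C:\build\src`, the package name `ExampleApp`, the version, the supplier and the namespace URI are placeholders; the download URL and the `-b`, `-bc`, `-pn`, `-pv`, `-ps` and `-nsb` options are the ones documented in the sbom-tool README.

```powershell
# Added example: generate an SPDX 2.2 SBOM for a Windows build output with Microsoft's sbom-tool.
# Paths, package name/version/supplier and namespace URI are placeholders; adjust them to your project.
$ErrorActionPreference = 'Stop'

$toolDir   = Join-Path $env:USERPROFILE 'tools'
$toolExe   = Join-Path $toolDir 'sbom-tool.exe'
$buildDrop = 'C:\build\drop'   # placeholder: folder holding the binaries you ship
$buildSrc  = 'C:\build\src'    # placeholder: source tree with the .csproj / packages.lock.json files

# 1. Fetch the self-contained Windows binary from the project's GitHub releases (URL from the README).
New-Item -ItemType Directory -Force -Path $toolDir | Out-Null
if (-not (Test-Path $toolExe)) {
    Invoke-WebRequest -Uri 'https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-win-x64.exe' `
                      -OutFile $toolExe
}

# 2. Generate the SBOM.
#    -b  : build drop path (the files that ship; each gets SHA-1 and SHA-256 checksums in the SBOM)
#    -bc : build components path (scanned for NuGet dependencies)
#    -pn / -pv / -ps : package name, version and supplier recorded for the root package
#    -nsb: namespace base URI used to build the SPDX document namespace
& $toolExe generate -b $buildDrop -bc $buildSrc -pn 'ExampleApp' -pv '1.0.0' -ps 'Example Corp' -nsb 'https://sbom.example.com'
if ($LASTEXITCODE -ne 0) { throw "sbom-tool failed with exit code $LASTEXITCODE" }

# 3. Read the manifest back. sbom-tool writes it to _manifest\spdx_2.2\manifest.spdx.json under the drop path.
$manifest = Join-Path $buildDrop '_manifest\spdx_2.2\manifest.spdx.json'
$sbom     = Get-Content -Path $manifest -Raw | ConvertFrom-Json

"SPDX version    : $($sbom.spdxVersion)"
"Packages listed : $($sbom.packages.Count)"
"Files hashed    : $($sbom.files.Count)"

# Show the first few declared components so the output can be eyeballed against the build's expectations.
$sbom.packages | Select-Object -First 10 -Property name, versionInfo | Format-Table -AutoSize
```

The manifest is a plain JSON file; keep it alongside the build artifacts it describes and treat it as an input to vulnerability matching (e.g. feeding the SPDX document to a scanner), not as a trusted record on its own, since nothing in this flow signs it. The per-file checksums in the `files` section are what let a consumer later confirm that the binaries they received are the ones the SBOM was generated from.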

Answer 2:

There are many SBOM generation tools that run on Windows:

  • Syft from Anchore
  • Microsoft.Sbom.Tool
  • Fossa
  • MergeBase
  • Snyk

Here is a succinct review written by Julius Musseau from which I pulled this list: https://mergebase.com/blog/best-tools-for-generating-sbom/ The article doesn't explicitly state a date of publication, but looking at the source it looks like it was published in August 2022 and possibly updated in September 2023.