Is there any tool through which we can generate an SBOM report (SPDX / CycloneDX) for Windows programs?
There are many tools available which can scan Linux OS packages and application packages (e.g. Java, Maven, .NET), like Trivy, Syft, WhiteSource, but it looks like there is no tool available which can generate an SBOM report for the applications installed on Microsoft Windows.
Please suggest.
Thanks, Abdul Mohsin
You can try the Microsoft sbom-tool: https://github.com/microsoft/sbom-tool
Microsoft provides a tool with which you can generate an SBOM, based on the Microsoft GitHub NuGet package: https://github.com/orgs/microsoft/packages?repo_name=sbom-tool
This tool supports projects that have a .NET project which can ingest packages from nuget.org or only projects that target .NET 6 or higher are supported,