fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

Download the latest release archive from Github Releases for your os and arch.

Example

curl -L  -o fatbom.tar.gz  https://github.com/sbs2001/fatbom/releases/download/v0.0.1/fatbom_0.0.1_Linux_x86_64.tar.gz
sudo tar xvf fatbom.tar.gz -C /usr/local/bin/ fatbom

fatbom -s /path/to/scan

This command will create 2 files

• merged_sbom.json : It's a standard JSON SPDX SBOM, made by combining output of all SBOM tools.
• semi_merged_sbom.json. It contains SBOM generated by each tool.

• SBOM for last release
• Semi Merged SBOM for last release

• microsoft/sbom-tool
• kubernetes-sigs/bom
• opensbom-generator/spdx-sbom-generator
• anchore/syft