SBOM (software bill of materials)

Microsoft recently used it in its internal SBOM（Software Bill of Materials, Software bill of materials ） Open source generation tools

This tool developed by Microsoft is called Salus, Can be found in Windows、Linux and Mac On the platform , And according to SPDX Specification generation SBOM. Microsoft will Salus It is positioned as 「 General purpose 、 Verified by the enterprise SBOM generator 」, It can be easily integrated into the workflow of software construction

Salus Automatic detection NPM、NuGet、PyPI、CocoaPods、Maven、Golang、Rust Crates、RubyGems、 Inside the container Linux software package 、Gradle、Ivy and GitHub Public Warehouse . besides ,Salus You can also refer to other SBOM file , For more complete dependencies

Reference resources ：

The project has been hosted to GitHub platform :https://github.com/microsoft/sbom-tool

SPDX：Clause 6: Document Creation Information - specification v2.2.2 (spdx.github.io)