SBOM Tool, published by Microsoft, is a command-line utility that generates SPDX 2.2-compatible Software Bill of Materials (SBOM) files at scale, letting organizations inventory the components embedded in any build artifact. Built for enterprise pipelines, the current release, 4.1.5, is the seventh public iteration and continues to focus on speed, deterministic output, and frictionless integration with existing CI/CD workflows. Because it accepts container images, NuGet packages, Maven artifacts, npm tarballs, or simply a folder of binaries, the tool is equally useful to compliance teams that must provide auditors with a complete dependency manifest, security teams that need to track vulnerable or license-restricted packages, and release engineers who want to attach an SBOM to every published artifact before it reaches production. The resulting SPDX JSON document lists all files, packages, and their checksums, and can be stored alongside the artifact or uploaded to a central repository for downstream policy checks. SBOM Tool is categorized under Developer Tools / Security & Compliance and supports parallel scanning of large codebases through configurable concurrency, automatic license detection, and extensible manifest providers that map internal package managers to SPDX fields without manual templating. Microsoft maintains the open-source codebase on GitHub, publishes signed binaries for Windows, Linux, and macOS, and ships detailed documentation for Azure DevOps, GitHub Actions, and Jenkins. The software is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version and supporting batch installation of multiple applications.