
Microsoft SBOM Tool Integration Guide

Microsoft's open-source SPDX SBOM generator — multi-ecosystem with automatic component detection


Integrate the Microsoft SBOM Tool with Vulnetix. The tool walks a build drop and a source tree, detects components across 10+ package ecosystems, and writes an SPDX 2.2 JSON manifest by default (SPDX 3.0 output is also supported). Upload that SPDX JSON to Vulnetix.

Ecosystems: .NET, Node.js, Python, Go, Java, Ruby, Rust, and more  ·  CLI tool  ·  SPDX

Install & scan

# Linux/macOS binary. "latest" is fine for a trial; for anything that ships,
# pin a release tag and verify the binary's checksum against the release page.
curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
chmod +x sbom-tool && sudo mv sbom-tool /usr/local/bin/

# macOS Homebrew
brew install sbom-tool

# .NET Global Tool
dotnet tool install --global Microsoft.Sbom.DotNetTool

# Generate an SBOM.
#   -b   build drop: the files that get hashed and listed in the SBOM
#   -bc  build component path: the source tree scanned for dependencies
#   -pn / -pv / -ps  package name, version and supplier recorded for the root package
#   -nsb base URI used to build the SPDX document namespace
sbom-tool generate \
  -b . \
  -bc . \
  -pn my-project \
  -pv 1.0.0 \
  -ps my-organisation \
  -nsb https://my-organisation.com/sbom

The manifest is written to _manifest/spdx_2.2/manifest.spdx.json under the build drop path. Where you can, point -b at your build output rather than the repository root, so the file list in the SBOM covers what you ship and not the whole source tree.

Run Microsoft SBOM Tool in CI

Scan on every push and upload the results to Vulnetix. These steps run after your checkout step and assume the Vulnetix CLI is available on the runner:

- name: Generate SPDX SBOM
  run: |
    curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
    chmod +x sbom-tool
    ./sbom-tool generate \
      -b . -bc . \
      -pn ${{ github.repository }} \
      -pv ${{ github.sha }} \
      -ps my-org \
      -nsb https://my-org.com/sbom

- name: Upload SBOM to Vulnetix
  run: vulnetix upload --file _manifest/spdx_2.2/manifest.spdx.json

Centralise Microsoft SBOM Tool results in Vulnetix

Upload Microsoft SBOM Tool SPDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.

Microsoft SBOM Tool documentation ↗  ·  Source repository ↗
