SBOM Transformation Tools

apko

apko produces SBOM documents and provides an SBOM composition functionality

Tool data: CDX2SPDX TOOL27 ../_images/arrow-right-circle.svg
tool: CDX2SPDX
generation: no
consumption: no
transformation: yes
cyclonedx: yes
spdx: yes

CDX2SPDX

CDX2SPDX is a Java tool that converts CycloneDX SBOMs to SPDX.

Tool data: DaggerBoard TOOL28 ../_images/arrow-right-circle.svg
tool: DaggerBoard
consumption: yes
vulnerabilty_scanning: yes
cyclonedx: yes
spdx: yes

SBOM Composer

SBOM Composer is a tool that serves for composing SPDX SBOM files into a single SPDX document. Not restricted by the contents of the composable SBOMs, as long as they are valid SPDX. The version of the final document is the latest amongst all composed.

Tool data: DaggerBoard TOOL29 ../_images/arrow-right-circle.svg
tool: DaggerBoard
consumption: yes
vulnerabilty_scanning: yes
cyclonedx: yes
spdx: yes

Tejolote

Tejolote is a tool that consumes SBOMs and generates SLSA provenance attestations about build runs.