voltone
SBoM - Mix task to generate a Software Bill-of-Materials (SBoM)
Generates a dependency inventory, or “Software Bill-of-Materials” (SBoM), including package versions and licenses, in a format that can be imported into free or commercial tools for Software Composition Analysis. Currently supports CycloneDX format.
Hex: sbom | Hex
Hexdocs: SBoM v0.10.0 — Documentation
GitHub: GitHub - erlef/mix_sbom: Mix task to generate a Software Bill-of-Materials (SBoM) in CycloneDX format · GitHub
Blog post, showing the creation of a combined Hex/NPM SBoM for a Phoenix project, including loading the result into an OWASP Dependency-Track server: https://blog.voltone.net/post/24
2025 Update:
Most Liked
voltone
Ownership of the sbom package has been transferred to the EEF Security WG. The project is now hosted here.
Version 0.8.0 has been released, with too many enhancements and fixes to list here; please check the full release notes. Thanks to @maennchen for picking this up and making this huge leap forward happen!
hauleth
I have created GitHub Action for generating SBoM using this project. I hope that this will help with adoption.
voltone
Version 3.7.1 of OWASP Dependency-Track comes with Hex integration, flagging available package updates:
Popular in Announcing
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #elixirconf-us
- #advent-of-code
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #hex










