Introducing BOM Diggity
BOM Diggity is an open-source tool that generates a Software Bill of Materials (SBOM). It also scans for secrets, dependencies and open source license types.
Security Assurance
Easily identify and address vulnerabilities in your software stack with a well-maintained SBOM.
Compliance Confidence
Ensure compliance with licensing and legal requirements by having a clear understanding of your software's composition.
Enhanced Trust
Foster trust and transparency by disclosing your software's building blocks to users and stakeholders.
Operational Efficiency
Streamline maintenance, updates, and collaboration within your development teams.
Key Features
Diggity empowers developers, DevOps teams, and organizations in making SBOM generation and management a seamless part of their software development process through a range of useful features.
• Automated Scanning.
• Multiple SBOM Formats.
• Customization Options.
• Seamless Integration.
• Detailed Reporting.
• Secrets.
• Open-Source License Types.
• Dependencies.
SUPPORTED ECOSYSTEMS
Package Managers, Build Tools, and Plugins
BOM Diggity detects packages from the package managers, build tools, and plugins listed below and records them in the generated SBOM. Each ecosystem has its own command or configuration for producing the SBOM; the matching entries for an ecosystem are listed together.
Languages
Diggity extends its support to various programming languages, allowing it to scan packages and components in projects written in these languages.
Supported Installation OS
BOM Diggity currently supports the following operating systems:
WINDOWS INSTALLATION
On Windows, BOM Diggity is available for the amd64 architecture.
MAC INSTALLATION
On macOS, BOM Diggity is available for both arm64 (Apple silicon) and amd64 (Intel) architectures, so SBOMs for container images and filesystems can be generated on either kind of Mac.
LINUX INSTALLATION
On Linux, BOM Diggity is available for the amd64, arm64, ppc64le, and s390x architectures. Secret detection in container images works the same on every supported architecture.
Installation Guide
BOM Diggity is a command-line tool for generating SBOMs and scanning for secrets and open-source licenses. This page shows how to install the open-source release on each supported platform.
Build
To build from source you need a Go toolchain; go install compiles the module in the cloned directory and places the diggity binary in your GOPATH/bin (or GOBIN), which must be on your PATH:
$ git clone https://github.com/carbonetes/diggity
$ cd diggity
$ go install
Recommended
curl -sSfL https://raw.githubusercontent.com/carbonetes/diggity/main/install.sh | sh -s -- -d /usr/local/bin
You can pin a release version with -v and choose the destination directory with -d (the placeholders below stand for the values you supply):
curl -sSfL https://raw.githubusercontent.com/carbonetes/diggity/main/install.sh | sh -s -- -d <DESTINATION_DIR> -v <RELEASE_VERSION>
Piping a script fetched over the network straight into sh runs whatever the server returns; for anything beyond a throwaway machine, download install.sh to a file first, read it, and run it from disk, and pin the release version so that repeated installs are reproducible.
Homebrew
brew tap carbonetes/diggity
brew install diggity
Scoop
scoop install diggity
Scoop installs Diggity from the Carbonetes bucket, which has to be added with scoop bucket add before the install command will resolve the package; the bucket URL is not given on this page. (The original page showed the command brainiac -d . here, which belongs to Carbonetes' Brainiac tool, not to Diggity.)
Useful Commands and Flags
diggity [command] [flag]
Available commands and their flags, with descriptions:
diggity config [flag]
Flag           | Description
-d, --display  | Displays the contents of the configuration file.
-h, --help     | Help for the config command.
-p, --path     | Displays the path of the configuration file.
-r, --reset    | Restores the default configuration file.
Output Formats
The output format is selected with the -o (or --output) option. The available formats are:
- table: A columnar summary (default).
- json: Diggity's own JSON format; use this to get the most detail out of a scan.
- cyclonedx-xml: An XML report conforming to the CycloneDX 1.4 specification.
- cyclonedx-json: A JSON report conforming to the CycloneDX 1.4 specification.
- spdx-tag-value: A tag-value report conforming to the SPDX 2.2 specification.
- spdx-json: A JSON report conforming to the SPDX 2.2 JSON schema.
- spdx-yml: A YAML report conforming to the SPDX 2.2 YAML schema.
- github-json: A JSON report conforming to the GitHub dependency snapshot format.
Prefer one of the standard formats (CycloneDX or SPDX) when the SBOM is consumed by another tool or handed to a customer; the table format is for reading at a terminal.
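As an added example, not code from this page or from the Diggity project, the Go program below consumes a CycloneDX JSON SBOM of the shape that the cyclonedx-json format produces and flags components that declare no license or declare one outside an allowlist, which is the kind of license-compliance check the page's "Compliance Confidence" point refers to. The embedded document is a constructed sample, not real scanner output, and the AuditBOM function, the Finding type and the allowlist are this example's own; only the CycloneDX field names (bomFormat, components, purl, licenses/license/id) come from the CycloneDX 1.4 JSON schema.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Minimal view of a CycloneDX 1.4 JSON document: only the fields this
// check reads. A real cyclonedx-json SBOM carries many more.
type cdxBOM struct {
	BOMFormat   string         `json:"bomFormat"`
	SpecVersion string         `json:"specVersion"`
	Components  []cdxComponent `json:"components"`
}

type cdxComponent struct {
	Type     string       `json:"type"`
	Name     string       `json:"name"`
	Version  string       `json:"version"`
	PURL     string       `json:"purl"`
	Licenses []cdxLicense `json:"licenses"`
}

// CycloneDX wraps each license as {"license": {"id": ...}} or
// {"license": {"name": ...}}; the SPDX id is used when present.
type cdxLicense struct {
	License struct {
		ID   string `json:"id"`
		Name string `json:"name"`
	} `json:"license"`
}

// Finding is one policy violation for one component.
type Finding struct {
	Component string // name@version
	Reason    string
}

// AuditBOM parses a CycloneDX JSON SBOM and reports components that either
// carry no license at all or carry a license outside the allowlist.
// allowed holds SPDX identifiers such as "MIT"; matching is case-sensitive,
// as SPDX identifiers are. Findings are sorted by component for stable output.
func AuditBOM(data []byte, allowed map[string]bool) ([]Finding, error) {
	var bom cdxBOM
	if err := json.Unmarshal(data, &bom); err != nil {
		return nil, fmt.Errorf("parse sbom: %w", err)
	}
	if bom.BOMFormat != "CycloneDX" {
		return nil, fmt.Errorf("not a CycloneDX document: bomFormat=%q", bom.BOMFormat)
	}
	var findings []Finding
	for _, c := range bom.Components {
		id := c.Name + "@" + c.Version
		if len(c.Licenses) == 0 {
			// An SBOM entry with no license is a compliance gap in itself.
			findings = append(findings, Finding{id, "no license declared"})
			continue
		}
		for _, l := range c.Licenses {
			lic := l.License.ID
			if lic == "" {
				lic = l.License.Name
			}
			if !allowed[lic] {
				findings = append(findings, Finding{id, "license not allowed: " + lic})
			}
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Component < findings[j].Component })
	return findings, nil
}

// sampleBOM is a constructed CycloneDX 1.4 fragment (hypothetical input,
// not real Diggity output).
const sampleBOM = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "readline", "version": "8.1",
     "purl": "pkg:deb/debian/readline@8.1",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "mystery-lib", "version": "0.1.0",
     "purl": "pkg:npm/mystery-lib@0.1.0",
     "licenses": []}
  ]
}`

func main() {
	// Example allowlist; a real policy would come from configuration.
	allowed := map[string]bool{"MIT": true, "Apache-2.0": true, "BSD-3-Clause": true}
	findings, err := AuditBOM([]byte(sampleBOM), allowed)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Component, f.Reason)
	}
}
```

To run the check against a real scan, write Diggity's output with -o cyclonedx-json to a file and pass its contents (for example from os.ReadFile) to AuditBOM in place of sampleBOM; a non-empty findings slice is the signal to fail a CI job.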
Get started with BOM Diggity
GitHub