bomtool - Man Page

bomtool is a program which generates a textual SPDX 2.0 software bill of materials (SBOM) for a given set of pkg-config modules. The output of this tool can then be translated into other SBOM formats as necessary.

The options are as follows:

--about

Print the version number, the Copyright notice, and the license of the bomtool program to standard output and exit. Most other options and all command line arguments are ignored.

--version

Print the version number of the bomtool program to standard output and exit. Most other options and all command line arguments are ignored.

PKG_CONFIG_DEBUG_SPEW

If set, print debugging messages to stderr.

PKG_CONFIG_IGNORE_CONFLICTS

If set, ignore Conflicts rules in modules. Has the same effect as the --ignore-conflicts option in pkgconf(1)

PKG_CONFIG_LIBDIR

A colon-separated list of low-priority directories where pc(5) files are looked up. The module search path is constructed by appending this list to PKG_CONFIG_PATH, which enjoys higher priority. If PKG_CONFIG_LIBDIR is not defined, the default list compiled into the bomtool program from the PKG_DEFAULT_PATH preprocessor macro is appended instead. If PKG_CONFIG_LIBDIR is defined but empty, nothing is appended.

PKG_CONFIG_MAXIMUM_TRAVERSE_DEPTH

Impose a limit on the allowed depth in the dependency graph.

PKG_CONFIG_PATH

A colon-separated list of high-priority directories where pc(5) files are looked up.

PKG_CONFIG_PRELOADED_FILES

Colon-separated list of pc(5) files which are loaded before any other pkg-config files. These packages are given highest priority over any other pc(5) files that would otherwise provide a given package.

The bomtool utility exits 0 on success, and >0 if an error occurs.

Generating an SBOM for the package named foo:

$ bomtool foo

SPDXVersion: SPDX-2.2

DataLicense: CC0-1.0

SPDXID: SPDXRef-DOCUMENT

DocumentName: SBOM-SPDX-fooC641.2.3

DocumentNamespace: https://spdx.org/spdxdocs/bomtool-2.4.3

Creator: Tool: bomtool 2.4.3

[...]

pc(5), pkgconf(1)