nix2sbom extracts the CycloneDX and SPDX SBOM (Software Bill of Materials) from a Nix derivation
louib/nix2sbom

nix2sbom


nix2sbom extracts the SBOM (Software Bill of Materials) from a Nix derivation

📚 Documentation is here

Features

  • Supports the CycloneDX 1.4 format
  • Supports the SPDX 2.3 format (experimental)
  • Supports JSON and YAML serialization formats
  • Generates an SBOM for your current NixOS system
  • Detects and handles patches applied to derivations
  • Discovers git repository URLs (derived from archive URLs)

Using

In GitHub Actions

Here is an example of how to generate an SPDX manifest for your Nix flake in a GitHub Actions workflow. Note that the "Install Nix" step must carry its own `uses:` key; a step with a `name:` but neither `uses:` nor `run:` is rejected by GitHub Actions:

```yaml
  generate-sbom-manifests:
    name: Generate SPDX SBOM manifest
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14

      - name: Install nix2sbom
        uses: EricCrosson/install-github-release-binary@681cc3de7c5c5ac935b1a2a19e4e0c577c4d3027 # v2.3.4
        with:
          targets: louib/nix2sbom/[email protected]

      - name: Generate the SPDX manifest
        run: |
          nix2sbom .# -f spdx > sbom.spdx.json
```
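Generating the manifest is only half of a CI gate; the next step is usually to read it back and fail the job on anything a reviewer would object to. The script below is an added example and is not part of nix2sbom. It normalizes either output format the tool supports (CycloneDX 1.4 JSON, or the SPDX 2.3 JSON the workflow above writes to `sbom.spdx.json`) into one component list, then applies a small policy: every component must carry a version and a purl, no component may carry a license on a deny list, and any component with patches recorded in its CycloneDX `pedigree.patches` is flagged for review. The two sample documents are constructed here according to the CycloneDX 1.4 and SPDX 2.3 JSON schemas; they are not actual nix2sbom output, and the assumption that nix2sbom records patches under `pedigree.patches` is the author's of this example, not documented on this page. The purl values and package names are likewise made up.

```python
"""Policy gate for an SBOM produced by a step like the workflow above.

Added example, not nix2sbom code. Reads CycloneDX 1.4 JSON or SPDX 2.3 JSON,
normalizes both into Component records, and returns policy findings.
"""
import json
from dataclasses import dataclass, field
from typing import List, Optional, FrozenSet


@dataclass
class Component:
    name: str
    version: Optional[str]
    purl: Optional[str]
    licenses: List[str] = field(default_factory=list)
    patched: bool = False  # only derivable from CycloneDX pedigree in this example


def _from_cyclonedx(doc: dict) -> List[Component]:
    out = []
    for c in doc.get("components", []):
        licenses = []
        for entry in c.get("licenses", []):
            if "expression" in entry:          # SPDX expression form
                licenses.append(entry["expression"])
            lic = entry.get("license", {})
            if lic:
                licenses.append(lic.get("id") or lic.get("name") or "UNKNOWN")
        # Assumption: patches, if recorded, live in pedigree.patches (CycloneDX 1.4 schema).
        patched = bool(c.get("pedigree", {}).get("patches"))
        out.append(Component(c["name"], c.get("version"), c.get("purl"), licenses, patched))
    return out


def _from_spdx(doc: dict) -> List[Component]:
    out = []
    for p in doc.get("packages", []):
        purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        lic = p.get("licenseConcluded")
        licenses = [] if lic in (None, "NOASSERTION", "NONE") else [lic]
        out.append(Component(p["name"], p.get("versionInfo"), purl, licenses))
    return out


def load_components(text: str) -> List[Component]:
    """Detect the document format from its top-level keys and normalize it."""
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return _from_cyclonedx(doc)
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return _from_spdx(doc)
    raise ValueError("not a CycloneDX or SPDX JSON document")


DENIED_LICENSES: FrozenSet[str] = frozenset({"AGPL-3.0-only", "AGPL-3.0-or-later"})


def check_policy(components: List[Component], denied: FrozenSet[str] = DENIED_LICENSES) -> List[str]:
    """Return one human-readable finding per policy violation (empty list means pass)."""
    findings = []
    for c in components:
        if not c.version:
            findings.append(f"{c.name}: missing version")
        if not c.purl:
            findings.append(f"{c.name}: missing purl")
        for lic in c.licenses:
            if lic in denied:
                findings.append(f"{c.name}: denied license {lic}")
        if c.patched:
            findings.append(f"{c.name}: carries local patches (review the diff against upstream)")
    return findings


# Constructed sample documents (schema-shaped, not real nix2sbom output).
SAMPLE_CYCLONEDX = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.13",
         "purl": "pkg:generic/openssl@3.0.13", "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "curl", "version": "8.6.0",
         "licenses": [{"license": {"id": "curl"}}],
         "pedigree": {"patches": [{"type": "backport", "diff": {"url": "https://example.invalid/fix.patch"}}]}},
    ],
})
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "sample",
    "packages": [
        {"SPDXID": "SPDXRef-Package-sqlite", "name": "sqlite", "versionInfo": "3.45.1",
         "downloadLocation": "NOASSERTION", "licenseConcluded": "NOASSERTION"},
        {"SPDXID": "SPDXRef-Package-ghostscript", "name": "ghostscript", "versionInfo": "10.02.1",
         "downloadLocation": "NOASSERTION", "licenseConcluded": "AGPL-3.0-or-later",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:generic/ghostscript@10.02.1"}]},
    ],
})

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SPDX
    problems = check_policy(load_components(text))
    print("\n".join(problems) or "SBOM policy: OK")
    sys.exit(1 if problems else 0)
```

Run it against the workflow artifact with `python sbom_gate.py sbom.spdx.json` as a follow-up step; a non-zero exit fails the job. The patch check only fires for CycloneDX input, since SPDX 2.3 has no pedigree field, so if patch visibility matters, generate the CycloneDX manifest (the default format) alongside the SPDX one.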

Installing

With Nix

Assuming that you have enabled both the flakes and nix-command experimental features:

```shell
nix profile install github:louib/nix2sbom
```

With Cargo

From a checkout of this repository:

```shell
cargo install --path .
```
