# Generate SPDX SBOM with open-source tools {% hint style="info" %} [Contact us](mailto:support@medcrypt.com) for access to our SBOM generation tool {% endhint %} You can use several different open-source tools to generate your SBOM in SPDX format. We support SPDX 2.2 and 2.3 with JSON format. ## SPDX Software Bill of Materials (SBOM) generator * [spdx-sbom-generator tool](https://github.com/opensbom-generator/spdx-sbom-generator) enables generation of SPDX SBOMs with current package managers. It automatically determines which package managers or build systems are actually being used by your software components. * Works with Linux, Mac, and Windows. * Comes with a Dockerfile for you to maintain your own image. * has CLI (command-line interface) to generate SBOMs info, including components, licenses, copyrights, and security references of your software supply chain using SPDX v2.2 spec and aligning with NTIA known minimum elements. ## Yocto on Linux Refer to [Generate SBOM with Yocto on Linux](/get-started/dont-have-an-sbom/generate-spdx-sbom-with-open-source-tools/generate-sbom-with-yocto-on-linux.md). ## Kubernetes SBOM tool * [bom](https://github.com/kubernetes-sigs/bom) is a utility to create, view, and transform your Software Bills of Materials (SBOMs). It can generate SPDX packages from directories, container images, single files, and other sources. It also has a built-in license classifier that recognizes over 400 licenses in the SPDX catalog. * Supports Golang dependency analysis and full `.gitignore` support when scanning git repositories. ## Multi-Language (Microsoft and Syft SBOM tools) * Microsoft's [SBOM generation tool](https://github.com/microsoft/sbom-tool) (microsoft.sbom.tool) apparently can detect NPM, NuGet, PyPI, CocoaPods, Maven, Golang, Rust Crates, RubyGems, Linux packages within containers, Gradle, Ivy, GitHub public repos, and more. It uses Component Detection to generate your SBOM. * Generate your SBOM using Syft's [CLI tool and Go library](https://github.com/anchore/syft). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://helm.docs.medcrypt.com/get-started/dont-have-an-sbom/generate-spdx-sbom-with-open-source-tools.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.