Introducing BOM Diggity

BOM Diggity is an open-source tool that generates a Software Bill of Materials (SBOM). It also scans for secrets, dependencies and open source license types.
Security Assurance
Easily identify and address vulnerabilities in your software stack with a well-maintained SBOM.

Compliance Confidence
Ensure compliance with licensing and legal requirements by having a clear understanding of your software's composition.

Enhanced Trust
Foster trust and transparency by disclosing your software's building blocks to users and stakeholders.

Operational Efficiency
Streamline maintenance, updates, and collaboration within your development teams.

Key Features

Diggity empowers developers, DevOps teams, and organizations in making SBOM generation and management a seamless part of their software development process through a range of useful features.
• Automated Scanning
• Multiple SBOM Formats
• Customization Options
• Seamless Integration
• Detailed Reporting
• Secrets
• Open-Source License Types
• Dependencies

Package Managers, Build Tools, and Plugins

Generate Software Bills of Materials (SBOMs) for your software projects using BOM Diggity's supported package managers, build tools, and plugins. Use the corresponding command or configuration for each ecosystem to create SBOMs for your projects.

Diggity also supports various programming languages, allowing it to scan the packages and components of projects written in those languages.

Supported Installation OS

BOM Diggity currently supports the following operating systems:
• Windows (amd64): BOM Diggity is designed to optimize the security and compliance of your software programs, and it runs on the amd64 architecture of Windows.
• macOS (amd64 and arm64): With support for both architectures, Diggity enables secure generation of SBOMs for container images and filesystems on any Mac operating system.
• Linux (amd64, arm64, ppc64le, and s390x): BOM Diggity can easily detect secrets in your container images, and it runs on each of these Linux architectures.

Installation Guide

BOM Diggity is a code-driven analysis tool that helps keep your code compliant and secure. This page shows how to install the open-source Diggity on each of its supported ecosystems.


Build from source (the go install must run inside the cloned repository):
$ git clone https://github.com/carbonetes/diggity
$ cd diggity
$ go install


Install script:
curl -sSfL https://raw.githubusercontent.com/carbonetes/diggity/main/install.sh | sh -s -- -d /usr/local/bin
You can specify a release version and destination directory for the installation (replace the placeholders with your values):
curl -sSfL https://raw.githubusercontent.com/carbonetes/diggity/main/install.sh | sh -s -- -d <destination-dir> -v <version>


Homebrew:
brew tap carbonetes/diggity
brew install diggity


brainiac -d . 

Useful Commands and Flags

diggity [command] [flag] 

Available Commands and their flags with description:

diggity config [flag]

Root Flags       Description
-d, --display    Displays the contents of the configuration file.
-h, --help       Help for configuration.
-p, --path       Displays the path of the configuration file.
-r, --reset      Restores the default configuration file.

Output Formats

The output format for Diggity is configurable as well, using the -o (or --output) option.
The available formats are:

