SBOM Tool Azure DevOps ExtensionUnofficial Azure DevOps extension for microsoft/sbom-tool. Sbom-tool runs locally on your pipeline agent without the need for subscriptions, account sign-ups, or shipping your data to a third-party service; All generated manifest files are published directly to your build artifacts and can be viewed in a human-friendly format from the "SBOM" build result tab. Check referenced packages for known vulnerabilities against the GitHub Advisory Database. View referenced packages, including the package manager, type, dependency hierarchy, license, supplier, and vulnerability counts: View manifest relationships as a network graph or export to SVG. Export manifest objects to XLSX workbook. InstallInstall the extension from the Visual Studio marketplace. UsageIn YAML pipelines:
The SBOM manifest files will be uploaded to the build artifacts, under the Advanced |