Add Surfactant to list of Open Source Tools

[nightlark]

Support: Produce (Analyze, Edit), Transform (Translate, Merge)

Functionality: Surfactant provides a modular framework for extracting metadata and relationship information from a variety of different file types. The primary use is generating SBOMs from filesystems containing binaries files (such as PE or ELF files), however there is also some functionality for merging and editing SBOMs, in addition to rudimentary support for conversion between different SBOM formats.

Location: https://github.com/LLNL/Surfactant

Installation Instructions: In short, pip install surfactant. For more detailed instructions see https://surfactant.readthedocs.io/en/latest/getting_started.html#installation

How to Use: https://surfactant.readthedocs.io/en/latest/basic_usage.html

Versions Supported: SPDX 2.3

SBOM Types: Analyze

[goneall]

Thanks @nightlark - Looks like a very useful tool.

Can you update the description with information on how to specify SPDX format as either the input or output? It would be helpful to our community since SPDX isn't the default.

Also, if you have time, we could also add an SPDX quickstart guide that includes some of the information from the How to Use but a bit more specific to SPDX.