# xBom Quickstart

> Get started with SafeDep xBom, an open source Bill of Materials generator enriched with AI and SaaS usage detected from source code.

<Card title="xBom Repository" icon="github" href="https://github.com/safedep/xbom">
  View the xBom source code and contribute on GitHub
</Card>

**xBom** generates a Bill of Materials (BOM) enriched with AI components, SaaS integrations, and more. It uses static code analysis to find these in your code, not just your declared dependencies.

## Installation

Install xBom using one of the following methods:

**macOS & Linux (Homebrew):**

```bash
# Installation on macOS & Linux
brew install safedep/tap/xbom
```

**Pre-built binary:**
Download a **[pre-built binary](https://github.com/safedep/xbom/releases)** for your operating system from the GitHub releases page.

## Generating Your First BOM

To generate a BOM for your source code, use the `generate` command:

```bash
# Generate BOM for your source code
xbom generate --dir /path/to/your/code --bom /path/to/output/bom.cdx.json
```

Replace `/path/to/your/code` with your project directory and `/path/to/output/bom.cdx.json` with your desired output path.

The output is an SBOM in **[CycloneDX v1.6 JSON format](https://cyclonedx.org/docs/1.6/json/)**, including any AI components and other supported elements detected in the codebase.
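Because the output is standard CycloneDX JSON, it can be checked in CI. The script below is an added example, not part of xBom: it inventories a BOM and flags any component or service name missing from a reviewed allowlist. It reads only standard CycloneDX fields (`bomFormat`, `components`, `services`, `type`, `name`). The sample BOM, its names, and the `approved.txt` allowlist file are constructed for illustration, since this page does not say how xBom encodes its detections.

```python
import json
import sys
from pathlib import Path

# Constructed sample in CycloneDX 1.6 shape; this is not real xBom output.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.6",
  "components": [
    {"type": "library", "name": "example-ai-sdk",
     "components": [{"type": "machine-learning-model", "name": "example-model"}]},
    {"type": "library", "name": "example-unreviewed-sdk"}
  ],
  "services": [{"name": "example-cloud-storage"}]
}
""")

def walk(components):
    """Yield every component, descending into nested `components` arrays."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def inventory(bom):
    """Return sorted (kind, name) pairs for all components and top-level services."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    items = [(c.get("type", "unknown"), c.get("name", "")) for c in walk(bom.get("components"))]
    items += [("service", s.get("name", "")) for s in bom.get("services") or []]
    return sorted(items)

def unapproved(bom, approved_names):
    """Names present in the BOM but absent from the reviewed allowlist."""
    return sorted({name for _, name in inventory(bom)} - set(approved_names))

def main(argv):
    """Usage: check_bom.py bom.cdx.json approved.txt (no arguments: use the sample)."""
    bom, approved = SAMPLE_BOM, ["example-ai-sdk", "example-model", "example-cloud-storage"]
    if len(argv) == 3:
        bom = json.loads(Path(argv[1]).read_text())
        approved = [l.strip() for l in Path(argv[2]).read_text().splitlines() if l.strip()]
    print("\n".join(f"{kind}\t{name}" for kind, name in inventory(bom)))
    missing = unapproved(bom, approved)
    for name in missing:
        print(f"unapproved: {name}")
    return 1 if missing else 0  # non-zero exit fails the CI step

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The allowlist file holds one approved name per line; a non-zero exit status means the BOM contains something nobody has reviewed yet.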

## Supported Languages

Currently, `xbom` supports the following programming languages:

| Language   | Status                                                  |
| ---------- | ------------------------------------------------------- |
| Python     | <Icon icon="circle-check" size={16} iconType="solid" /> |
| Java       | <Icon icon="circle-check" size={16} iconType="solid" /> |
| JavaScript | <Icon icon="timer" size={16} />                         |

We are continuously working to expand language support.

## Supported BOM Types

xBom specializes in identifying a variety of components beyond traditional libraries.

### AI Components

xBom detects usage of AI SDKs and services, including:

* LangChain
* Anthropic
* CrewAI
* OpenAI

### Cloud Services

xBom also identifies integrations with major cloud platforms:

* Google Cloud Platform (GCP)
* Microsoft Azure

<Info>
  To request support for a new AI framework or cloud service, please{" "}
  <a href="https://github.com/safedep/xbom/issues/new">create an issue</a> on
  our GitHub repository.
</Info>

## HTML Report

The primary output is a CycloneDX JSON file. xBom also prints a link to an interactive HTML report so you can browse the detected components in a browser.

<div align="center">
  <img src="https://raw.githubusercontent.com/safedep/xbom/main/docs/assets/xbom-demo.gif" alt="xbom-demo" width="100%" />
</div>

### <Icon icon="flag" size={20} /> Limitations

**Current focus (AI BOM generation):**
`xbom` is currently focused on AI BOM generation. It uses static code analysis to identify AI products, SaaS APIs, and similar non-library components in your codebase.

**For full dependency SBOMs:**
To generate an SBOM covering open-source library dependencies from manifest files, use [Vet](https://github.com/safedep/vet) alongside xBom. `vet` specializes in dependency analysis and vulnerability management, and the two tools together cover more of the software supply chain.

### <Icon icon="telescope" size={20} /> Telemetry

**Purpose:**
`xbom` collects anonymous usage telemetry to show which integrations and use cases are common, guiding what to build next. It collects no personally identifiable information or sensitive data.

**How to disable:**

Set the `XBOM_DISABLE_TELEMETRY` environment variable to `true`:

```bash
export XBOM_DISABLE_TELEMETRY=true
```

<CardGroup cols={2}>
  <Card title="xBom" icon="boxes-stacked" href="/governance/xbom/overview">
    What xBom is and how it works.
  </Card>

  <Card title="What is an SBOM?" icon="lightbulb" href="/concepts/sbom">
    SBOM versus xBOM, explained.
  </Card>

  <Card title="CycloneDX SBOM" icon="file-lines" href="/governance/cyclonedx-sbom">
    Generate a standard SBOM with Vet.
  </Card>

  <Card title="xBom on GitHub" icon="github" href="https://github.com/safedep/xbom">
    Source and signature contributions.
  </Card>
</CardGroup>
