Hi everyone,
I’ve been exploring practical ways to improve software transparency for industrial automation projects, especially with growing expectations around compliance and traceability.
As a small engineering contribution, I put together a Python-based SBOM generator for B&R Automation Studio 6 projects.
It scans an AS6 project and produces CycloneDX 1.5 JSON SBOMs per configuration, using project metadata plus installation/runtime library information where available, referencing all used B&R components.
What it currently does:
- Reads project information from Logical, Physical, and APJ data
- Generates one SBOM file per configuration
- Supports optional export of additional technology and system libraries
- Marks uncertain entries so they can be reviewed manually
Run on the included example:
python src/automation_sbom_parserV1.py example/Repro6
Important:
After generation, please search for “TO BE CHECKED BY USER” in the SBOM and review/update those entries manually.
I would be very happy to get feedback from others:
- Does it work well on your AS6 projects?
- Any missing components or metadata you would expect?
- Suggestions for AS4 compatibility and parser improvements are very welcome.
Feel free to check it out on br-automation-community/ASW6_Application_SBOM
Also check out "CycloneDX 1.5 SBOM from SDM system dump" (Share Info & Ideas / Code & Libraries, B&R Community) for a different approach.
Best regards
Fabian
Thanks for supporting
@alexander.hefner @kovarj @werner1m @patricthysell
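
Added example, not part of the original post or the linked project's code: a small review gate for the manual step above that lists every string in a generated CycloneDX JSON file still containing "TO BE CHECKED BY USER", with its JSON path and owning component. Which fields the generator puts the marker in is not stated in the post, so the script walks all string values; the sample SBOM and its component names are constructed.

```python
import json
import sys

MARKER = "TO BE CHECKED BY USER"  # marker text quoted in the post

# Constructed sample; component names and marker placement are assumptions.
SAMPLE = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "ExampleLibA", "version": "1.0.0"},
        {"type": "library", "name": "ExampleLibB", "version": MARKER,
         "properties": [{"name": "source", "value": MARKER + ": origin"}]},
    ],
}


def find_marked(node, path="$", owner=None):
    """Yield (json_path, owning_component, value) for each marked string."""
    if isinstance(node, dict):
        # A component object carries "name" plus "type" or "bom-ref";
        # property objects ("name"/"value") do not, so they keep the parent.
        if "name" in node and ("type" in node or "bom-ref" in node):
            owner = node.get("bom-ref") or node["name"]
        for key, value in node.items():
            yield from find_marked(value, f"{path}.{key}", owner)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_marked(item, f"{path}[{i}]", owner)
    elif isinstance(node, str) and MARKER in node:
        yield path, owner, node


def review_sbom(sbom):
    """Return unreviewed entries of one parsed SBOM, in document order."""
    if not isinstance(sbom, dict) or sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    return list(find_marked(sbom))


if __name__ == "__main__":
    # Usage: python review_sbom.py <sbom.json> [...]; no arguments runs SAMPLE.
    docs = {p: json.load(open(p, encoding="utf-8")) for p in sys.argv[1:]}
    total = 0
    for name, doc in (docs or {"<sample>": SAMPLE}).items():
        for path, owner, value in review_sbom(doc):
            print(f"{name}: {owner}: {path} = {value!r}")
            total += 1
    sys.exit(1 if total else 0)  # non-zero exit blocks release until reviewed
```
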
