Create SBOM from Guix Since Nov. 12th 2025, GNU Guix can be used to create a complete SBOM in cyclonedx json format for all packaged software: guix graph guile --backend=cyclonedx-json | head ; echo ... { "bomFormat": "CycloneDX", "specVersion": "1.6", "metadata": { "timestamp": "2025-12-29T19:24:18Z", "tools": { "components": [ { "type": "operating-system", "name": "guix" ... To only create an SBOM of a specific depth, use --max-depth=N: guix graph guile --backend=cyclonedx-json | grep '"name":' | wc -l guix graph guile --backend=cyclonedx-json --max-depth=1 | grep '"name":' | wc -l 11 10 In short: guix graph guile -b cyclonedx-json -M 1 To create an SBOM for a non-packaged tool, create a local guix.scm file, then you can graph from that. With the example of dryads-wake: cd /path/to/dryads-wake && \ guix graph -L . -e '(load "guix.scm")' -b cyclonedx-json | grep '"name":' | wc -l && \ # => 172 guix graph -L . -e '(load "guix.scm")' -b cyclonedx-json -M1 | grep '"name":' | wc -l # => 13