A Software Bill of Materials (SBOM) provides transparency by documenting software component metadata and dependencies. However, SBOM adoption depends on tool ecosystems. Two dominant formats exist, SPDX and CycloneDX, and their ecosystems vary significantly in maturity, tool support, and community engagement. We conduct a quantitative comparison of use cases for 170 publicly advertised SBOM tools, identifying enhancement areas for each format. We compare health metrics of both ecosystems (171 CycloneDX versus 470 SPDX tools) to evaluate robustness and maturity. We quantitatively compare 36,990 issue reports from open-source tools to identify challenges and development opportunities. Finally, we investigate the top 250 open-source projects using each tool ecosystem and compare their health metrics. Our findings reveal distinct characteristics: projects using CycloneDX tools demonstrate higher developer engagement and stronger results on certain health indicators, while SPDX tools benefit from a more mature ecosystem with broader tool availability and established industry adoption. This research provides insights for developers, contributors, and practitioners regarding the complementary strengths of these ecosystems and identifies opportunities for mutual enhancement.