Software Bill of Materials (SBOM)

OPSWAT SBOM (Software Bill of Materials) analyzes third-party packages in source code and containers, generates an inventory of these software components, and identifies known vulnerabilities affecting them. It also detects component licenses and can enrich existing CycloneDX and SPDX reports with missing vulnerability and license data. With SBOM, users can scan and track dependencies in large codebases to understand the risks associated with open-source software (OSS) and secure their applications.

To enable this engine, please go to Workflow > Workflow name > SBOM


Support:

  • Source code

  • Container

  • CyclonceDX, SPDX report from external tools.