SbomScanner
CycloneDX · SPDX · NTIA SBOM

SBOM vulnerability + license scan, per package.

52 seeded packages (direct and transitive) across a realistic Node.js + Python stack. For each package, SbomScanner matches the exact version against the affected-version ranges in CVE feeds, classifies the declared license as permissive, copyleft or proprietary, and flags versions that upstream no longer supports (EOL). Depth records whether a package is a direct dependency or how many hops down it sits; a vulnerable transitive package is reachable all the same, so it gets the same checks. This per-package view is the shape of a working NTIA SBOM compliance program: the component inventory the SBOM gives you, plus the vulnerability, license and support-status checks that make it actionable.
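The checks above, as an added example that is not SbomScanner's own code: a minimal Python scan over a CycloneDX JSON document that does the per-package CVE range match, license classification and EOL check and computes dependency depth from the root component. The SBOM, the OSV-style vulnerability feed, the EOL floors, the package names and the CVE identifiers are all constructed placeholders for the demo, and the version parser assumes plain dotted numeric versions.

```python
"""Per-package scan of a CycloneDX JSON SBOM. Added example, not SbomScanner's code; every input below is constructed."""
import json
from collections import deque

# Constructed SBOM: one root app, two direct and two transitive packages, npm + PyPI.
SBOM_JSON = """{
 "bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"bom-ref": "app", "name": "demo-app", "version": "0.1.0"}},
 "components": [
  {"bom-ref": "pkg:npm/acme-http@1.4.2", "name": "acme-http", "version": "1.4.2", "purl": "pkg:npm/acme-http@1.4.2", "licenses": [{"license": {"id": "MIT"}}]},
  {"bom-ref": "pkg:npm/acme-parse@0.9.1", "name": "acme-parse", "version": "0.9.1", "purl": "pkg:npm/acme-parse@0.9.1", "licenses": [{"expression": "GPL-3.0-only OR MIT"}]},
  {"bom-ref": "pkg:pypi/acme-crypto@2.1.0", "name": "acme-crypto", "version": "2.1.0", "purl": "pkg:pypi/acme-crypto@2.1.0", "licenses": [{"license": {"id": "LGPL-2.1-only"}}]},
  {"bom-ref": "pkg:pypi/acme-legacy@1.0.3", "name": "acme-legacy", "version": "1.0.3", "purl": "pkg:pypi/acme-legacy@1.0.3"}
 ],
 "dependencies": [
  {"ref": "app", "dependsOn": ["pkg:npm/acme-http@1.4.2", "pkg:pypi/acme-crypto@2.1.0"]},
  {"ref": "pkg:npm/acme-http@1.4.2", "dependsOn": ["pkg:npm/acme-parse@0.9.1"]},
  {"ref": "pkg:pypi/acme-crypto@2.1.0", "dependsOn": ["pkg:pypi/acme-legacy@1.0.3"]}
 ]
}"""

# Constructed OSV-style feed (placeholder CVE ids, not real advisories): affected when introduced <= version < fixed; fixed=None means no fix yet.
VULN_FEED = [
    {"id": "CVE-0000-0001", "ecosystem": "npm", "name": "acme-http", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "CVE-0000-0002", "ecosystem": "npm", "name": "acme-http", "introduced": "1.4.3", "fixed": "1.5.0"},
    {"id": "CVE-0000-0003", "ecosystem": "pypi", "name": "acme-legacy", "introduced": "0", "fixed": None},
]
# Constructed EOL table: versions below the floor are no longer supported upstream.
EOL_FLOOR = {("npm", "acme-parse"): "1.0.0", ("pypi", "acme-legacy"): "2.0.0"}

LICENSE_CLASS = {"MIT": "permissive", "Apache-2.0": "permissive", "BSD-3-Clause": "permissive",
                 "LGPL-2.1-only": "weak-copyleft", "MPL-2.0": "weak-copyleft",
                 "GPL-2.0-only": "copyleft", "GPL-3.0-only": "copyleft", "LicenseRef-Proprietary": "proprietary"}
RANK = {"permissive": 0, "weak-copyleft": 1, "copyleft": 2, "proprietary": 3, "unknown": 4}

def parse_version(v):
    """Dotted numeric version -> comparable tuple. Assumption: plain x.y.z; pre-release
    and build suffixes ('-rc1', '+build') are dropped, not ordered."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    parts = [int("".join(ch for ch in p if ch.isdigit()) or 0) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version, introduced, fixed):
    """Half-open range check, the same shape OSV uses for its version-range events."""
    v = parse_version(version)
    return v >= parse_version(introduced) and (fixed is None or v < parse_version(fixed))

def classify_expression(expr):
    """SPDX expression without parentheses (assumption): 'A OR B' lets the consumer take the least
    restrictive alternative, 'A AND B' binds to the most restrictive term; unlisted ids come back 'unknown'."""
    alternatives = []
    for alt in expr.split(" OR "):
        terms = [t for t in alt.split() if t != "AND"]
        alternatives.append(max((LICENSE_CLASS.get(t, "unknown") for t in terms), key=RANK.__getitem__))
    return min(alternatives, key=RANK.__getitem__)

def classify_license(component):
    """CycloneDX entries are either {'license': {'id' | 'name'}} or {'expression': ...}."""
    parts = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            parts.append(entry["expression"])
        elif "license" in entry:
            parts.append(entry["license"].get("id") or entry["license"].get("name", ""))
    return classify_expression(" AND ".join(parts)) if parts else "unknown"   # no license data is a finding

def depth_from_root(sbom):
    """BFS over the dependencies graph: 1 = direct dependency, 2+ = transitive."""
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    depth, queue = {root: 0}, deque([root])
    while queue:
        ref = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depth:
                depth[child] = depth[ref] + 1
                queue.append(child)
    return depth

def scan(sbom_json, vuln_feed, eol_floor):
    """One row per component, matching the Package / Ecosystem / License / CVEs / EOL / Depth columns."""
    sbom = json.loads(sbom_json)
    depth = depth_from_root(sbom)
    rows = []
    for c in sbom["components"]:
        eco = c["purl"].split(":", 1)[1].split("/", 1)[0]   # purl type: 'pkg:npm/x@1' -> 'npm'
        name, ver = c["name"], c["version"]
        cves = [v["id"] for v in vuln_feed if v["ecosystem"] == eco and v["name"] == name
                and is_affected(ver, v["introduced"], v["fixed"])]
        floor = eol_floor.get((eco, name))
        rows.append({"package": f"{name}@{ver}", "ecosystem": eco, "license": classify_license(c),
                     "cves": cves, "eol": floor is not None and parse_version(ver) < parse_version(floor),
                     "depth": depth.get(c["bom-ref"])})   # None: listed but unreachable from the root
    return rows

if __name__ == "__main__":
    for row in scan(SBOM_JSON, VULN_FEED, EOL_FLOOR):
        print(row)
```

Two design points worth keeping in a real scanner: a component with no license entry is reported as `unknown` rather than silently treated as permissive, and depth is computed from the SBOM's own `dependencies` graph rather than from component order, so a transitive package that is vulnerable shows up with the same CVE column as a direct one.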

SBOM packages (one row per component)
Package · Ecosystem · License · CVEs · EOL · Depth