SBOM Generator

The tool supports common dependency file formats including package.json and package-lock.json for Node.js/JavaScript projects, requirements.txt and Pipfile for Python projects, go.mod for Go projects, pom.xml for Java/Maven projects, and Cargo.toml for Rust projects. Simply paste or upload your dependency file to get started.

The tool generates SBOMs in industry-standard formats including CycloneDX (JSON and XML) and SPDX (JSON and tag-value). CycloneDX is widely used in DevSecOps pipelines, while SPDX is an ISO standard commonly used for license compliance. Choose the format that matches your tooling and compliance requirements.

The tool cross-references your dependencies against known vulnerability databases to identify components with security issues. It displays vulnerability severity levels and CVE identifiers, helping you prioritize remediation efforts. This is a static analysis based on version matching and does not require network access to your codebase.

The generated SBOM includes license information for each component when available from the dependency file. The license analysis view helps you identify components using various open-source licenses, making it easier to ensure compliance with your organization license policies and legal requirements.

Yes, all SBOM generation happens entirely in your browser. Your dependency files are processed client-side using JavaScript and are never uploaded to any server. The generated SBOM remains on your device until you choose to download or copy it.