CycloneDX SBOM

We support tracking dependencies in CycloneDX SBOM using files in JSON and XML formats.

You must name your SBOM files in one of the following ways; .*bom.*\.json, .*cdx.json, .*cdx.xml or .*bom.*\.xml to allow us to identify them as CycloneDX SBOMs.

The actual supported features for your SBOM depend individually on the libraries that are included and individual package managers.

Supported file formats and features

*This is a native lock file format. Native lock file formats are the fastest formats to scan.

Analyzing external SBOM files using Debricked - video guide