CycloneDX SBOM

See a breakdown of the file formats and features supported in CycloneDX SBOM.

We support tracking dependencies in CycloneDX SBOM using files in JSON and XML formats.

We recommend naming your SBOM files .*bom.*\.json or .*bom.*\.xml to allow us to quickly identify them.
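A check you can run before uploading, shown here as an added example that is not Debricked's own code: it tests a file name against the two recommended patterns and confirms that the content declares itself as CycloneDX. Matching the base name in full, the function names and the sample inputs are assumptions made for this example.

```python
import json
import re
import xml.etree.ElementTree as ET
from pathlib import PurePath

# Naming patterns recommended on this page (matching the base name in full
# is an assumption of this example, not documented scanner behaviour).
NAME_PATTERNS = {"json": re.compile(r".*bom.*\.json"),
                 "xml": re.compile(r".*bom.*\.xml")}
CDX_XML_NS = "http://cyclonedx.org/schema/bom/"  # CycloneDX XML namespace prefix

def name_kind(path):
    """Return 'json' or 'xml' if the base name matches a recommended pattern."""
    base = PurePath(path).name
    for kind, pattern in NAME_PATTERNS.items():
        if pattern.fullmatch(base):
            return kind
    return None

def is_cyclonedx(kind, text):
    """Check that the document declares CycloneDX, not just its file name."""
    try:
        if kind == "json":
            doc = json.loads(text)
            return isinstance(doc, dict) and doc.get("bomFormat") == "CycloneDX"
        if kind == "xml":
            # A BOM needs no DTD; refuse one rather than expand its entities.
            if "<!DOCTYPE" in text or "<!ENTITY" in text:
                return False
            tag = ET.fromstring(text).tag
            return tag.startswith("{" + CDX_XML_NS) and tag.endswith("}bom")
    except (ValueError, ET.ParseError):
        return False
    return False

def check(path, text):
    kind = name_kind(path)
    if kind is None:
        return "name-not-recommended"
    return "ok" if is_cyclonedx(kind, text) else "not-cyclonedx"

# Constructed sample inputs (not taken from any real project).
CDX_JSON = '{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}'
CDX_XML = '<bom xmlns="http://cyclonedx.org/schema/bom/1.5"><components/></bom>'
SAMPLES = [("build/app-bom.json", CDX_JSON), ("sbom.xml", CDX_XML),
           ("inventory.json", CDX_JSON), ("bom.json", '{"spdxVersion": "SPDX-2.3"}'),
           ("bom.xml", '<!DOCTYPE bom [<!ENTITY a "b">]>' + CDX_XML)]

if __name__ == "__main__":
    for path, text in SAMPLES:
        print(f"{path}: {check(path, text)}")
```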

The features actually supported for your SBOM depend on the libraries it includes and on the individual package managers.

Supported file formats and features

Columns: Language | Supported File Formats | Root dependencies | Indirect dependencies | Dependency trees | Security Scanning | License Scanning | Root Fix | Pull Request | Vulnerable Functionality | High Performance Scan

CycloneDX SBOM, bom.json: Yes*

CycloneDX SBOM, bom.xml: Yes*

*This is a native lock file format. Native lock file formats are the fastest formats to scan.

Analyzing external SBOM files using Debricked - video guide
