SBOM link is a free SBOM viewer and sharing tool. It provides a human-readable summary of your SBOM that can be shared with a permanent link.
A Software Bill of Materials (SBOM) is a nested inventory, a list of the ingredients that make up software components (systems, applications or libraries).
SBOMs are useful for tracking what is in a software package. They can be used to analyze security vulnerabilities, licensing and other important information.
There are many tools, open source and commercial, that can generate an SBOM from a source repository or container image. Prominent open source options include Trivy, Syft and maven-cyclonedx-plugin, among many others.
Anyone with the link can see your SBOM. Make sure to keep the link private if you don't want others to see it.
SBOM link supports SPDX 2.x and CycloneDX 1.x standards, in JSON, XML and tag-value formats.
We are committed to keeping shared SBOMs online permanently. The site is funded by https://sbom.observer which depends on this site for sharing SBOMs publicly.
Shared links are of the format /share/[uuid]/[sha-256]/[filename]. To verify that the contents have not been tampered with, download the file and compare its SHA-256 hash with the hash in the URL.
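The check described above can be scripted. The following is an added example, not code from SBOM link: it assumes the hash in the link is hex-encoded and the uuid is in the canonical 36-character form, and the host sbom.example, the function names and the sample SBOM are constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import unquote, urlparse

# Path layout as stated on the page: /share/[uuid]/[sha-256]/[filename].
# Assumptions: canonical 36-character UUID, 64 hex characters for the digest.
SHARE_PATH = re.compile(
    r"/share/(?P<uuid>[0-9a-fA-F-]{36})/(?P<sha256>[0-9a-fA-F]{64})/(?P<filename>[^/]+)"
)


def parse_share_link(url):
    """Return (uuid, sha256_hex, filename) or raise ValueError."""
    match = SHARE_PATH.fullmatch(urlparse(url).path)
    if match is None:
        raise ValueError("not a /share/[uuid]/[sha-256]/[filename] link")
    return match["uuid"], match["sha256"].lower(), unquote(match["filename"])


def verify_download(url, path, chunk_size=65536):
    """True if the file at `path` hashes to the SHA-256 embedded in `url`."""
    _, expected, _ = parse_share_link(url)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # stream so large SBOMs are not held in memory
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected)


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample SBOM and constructed share link (hypothetical host).
    sbom = b'{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}'
    link = ("https://sbom.example/share/123e4567-e89b-12d3-a456-426614174000/"
            + hashlib.sha256(sbom).hexdigest() + "/bom.json")
    with tempfile.TemporaryDirectory() as tmp:
        saved = os.path.join(tmp, "bom.json")
        with open(saved, "wb") as fh:
            fh.write(sbom)
        print("intact copy:", verify_download(link, saved))
        with open(saved, "ab") as fh:
            fh.write(b"\n")  # any change to the bytes changes the digest
        print("modified copy:", verify_download(link, saved))
```

A match shows that the downloaded bytes are the ones the link was created for; it says nothing about who created the link, so the link itself has to come from a source you trust.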