SBOM Generator

intermediatesecurityMin 16K context

Generates and validates Software Bills of Materials in CycloneDX or SPDX formats. Covers dependency inventory, transitive resolution, license and vulnerability annotation, VEX statements, container image SBOMs, and CI integration for supply-chain compliance. Helps teams meet regulatory requirements and track what is actually shipped.

Use Cases

  • Generating a CycloneDX or SPDX SBOM for a project
  • Producing SBOMs for container images
  • Annotating components with licenses and CVEs
  • Adding VEX statements for known vulnerabilities
  • Integrating SBOM generation into CI

Example Prompt

Set up SBOM generation for our application and CI pipeline. Provide:
1. A recommended tool and format (CycloneDX/SPDX) for [stack]
2. Commands to generate SBOMs for source and container image
3. License and vulnerability annotation approach
4. A VEX workflow for triaging findings
5. A CI step that publishes the SBOM as an artifact

Recommended Models

Compatible Tools

claude-codekiroany

Modalities

Input: text, code
Output: text, code

Related Skills

Author

OpenModels Community

@openmodelsrun