SBOM Generator
intermediatesecurityMin 16K context
Generates and validates Software Bills of Materials in CycloneDX or SPDX formats. Covers dependency inventory, transitive resolution, license and vulnerability annotation, VEX statements, container image SBOMs, and CI integration for supply-chain compliance. Helps teams meet regulatory requirements and track what is actually shipped.
Use Cases
- Generating a CycloneDX or SPDX SBOM for a project
- Producing SBOMs for container images
- Annotating components with licenses and CVEs
- Adding VEX statements for known vulnerabilities
- Integrating SBOM generation into CI
Example Prompt
Set up SBOM generation for our application and CI pipeline. Provide: 1. A recommended tool and format (CycloneDX/SPDX) for [stack] 2. Commands to generate SBOMs for source and container image 3. License and vulnerability annotation approach 4. A VEX workflow for triaging findings 5. A CI step that publishes the SBOM as an artifact
Recommended Models
Compatible Tools
claude-codekiroany
Modalities
Input: text, code
→Output: text, code
Related Skills
Author
OpenModels Community