Cyber Resilience Act

SBOM gap check

The Cyber Resilience Act requires a reliable software bill of materials (SBOM) and a process for handling vulnerabilities. Upload your SBOM (CycloneDX/SPDX) or a lockfile and we will scan its components against known vulnerabilities. Your file is processed for analysis only and is not stored.

CycloneDX/SPDX JSON or a lockfile (package-lock.json, yarn.lock, requirements.txt, go.mod …). Max 5 MB. Your file is not stored.

The scan runs server-side against a vulnerability database. Your file is processed for analysis only and is not stored.

Note: the SBOM gap check provides an automated, schematic initial assessment based on public vulnerability databases. It replaces neither a full security analysis nor individual legal advice.