SBOM Management

Software Bill of Materials generation and management

SBOMs are generated via the CLI

Use the SourceSeal CLI to generate a Software Bill of Materials (SBOM) in SPDX or CycloneDX format. An SBOM is attached to an attestation at signing time and is stored alongside the artifact hash on-chain, so the dependency inventory travels with the artifact it describes.

CLI Commands

Generate an SBOM for a project

sourceseal sbom generate <path>

Generate an SBOM in CycloneDX format (without --format the output is SPDX)

sourceseal sbom generate --format cyclonedx <path>

View an existing SBOM by its hash

sourceseal sbom view <sbom-hash>

Attach an SBOM to the attestation while signing an artifact

sourceseal sign --sbom <path-to-sbom> <artifact>

Supported Formats

SPDX 2.3 (supported): Linux Foundation standard. Widely supported in enterprise and government procurement.

CycloneDX 1.5 (supported): OWASP standard. Excellent for vulnerability tracking and component analysis.
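The sign --sbom step above attaches whatever file you hand it; nothing in the commands checks that the SBOM actually describes the artifact being signed. The script below is an added example, not part of SourceSeal or its CLI, of the check a practitioner would run before signing for both formats listed above: it reads an SPDX 2.3 or CycloneDX 1.5 JSON document, pulls out the SHA-256 the SBOM claims for its primary component, and compares it with the SHA-256 of the artifact bytes. The artifact bytes and both SBOM documents are constructed samples. The sbom_digest function hashes a sorted, whitespace-free JSON serialization; that canonicalization is an assumption for illustration and is not how SourceSeal derives the <sbom-hash> used by sbom view.

```python
"""Pre-signing check: does this SBOM describe the artifact about to be signed?

Works on SPDX 2.3 and CycloneDX 1.5 JSON documents. Added example, not SourceSeal
code; the SBOMs and artifact below are constructed test data."""
import hashlib
import json
from typing import Optional

# Constructed artifact; in practice this is the release file you pass to `sign`.
ARTIFACT = b"example release tarball bytes\n"
ARTIFACT_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()

# Constructed CycloneDX 1.5 document. The primary component lives under
# metadata.component and carries the hash of the artifact it describes.
CYCLONEDX_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {
            "type": "application",
            "name": "example-app",
            "version": "1.2.3",
            "hashes": [{"alg": "SHA-256", "content": ARTIFACT_SHA256}],
        }
    },
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"}
    ],
}

# Constructed SPDX 2.3 document. The package(s) the document describes are
# listed in documentDescribes; checksums hang off the package.
SPDX_SBOM = {
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app-1.2.3",
    "documentDescribes": ["SPDXRef-Package-example-app"],
    "packages": [
        {"SPDXID": "SPDXRef-Package-example-app", "name": "example-app",
         "versionInfo": "1.2.3",
         "checksums": [{"algorithm": "SHA256", "checksumValue": ARTIFACT_SHA256}]},
        {"SPDXID": "SPDXRef-Package-left-pad", "name": "left-pad",
         "versionInfo": "1.3.0"},
    ],
}


def detect_format(sbom: dict) -> str:
    """Return 'cyclonedx' or 'spdx'; raise on anything else."""
    if sbom.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    if str(sbom.get("spdxVersion", "")).startswith("SPDX-"):
        return "spdx"
    raise ValueError("not a CycloneDX or SPDX JSON document")


def primary_sha256(sbom: dict) -> Optional[str]:
    """SHA-256 the SBOM claims for the artifact it describes, or None if absent."""
    if detect_format(sbom) == "cyclonedx":
        component = sbom.get("metadata", {}).get("component", {})
        for h in component.get("hashes", []):
            if h.get("alg") == "SHA-256":
                return h["content"].lower()
        return None
    described = set(sbom.get("documentDescribes", []))
    for pkg in sbom.get("packages", []):
        if pkg.get("SPDXID") in described:
            for c in pkg.get("checksums", []):
                if c.get("algorithm") == "SHA256":
                    return c["checksumValue"].lower()
    return None


def check_sbom_binds_artifact(sbom: dict, artifact: bytes) -> bool:
    """True only if the SBOM names a SHA-256 and it matches the artifact bytes.

    An SBOM with no primary hash fails closed: it cannot be shown to belong to
    this artifact, so it should not be attached to its attestation."""
    claimed = primary_sha256(sbom)
    return claimed is not None and claimed == hashlib.sha256(artifact).hexdigest()


def sbom_digest(sbom: dict) -> str:
    """Digest of the SBOM document itself (assumed canonicalization: sorted
    keys, no whitespace). Record this next to the artifact hash so a reviewer
    can later confirm the attached SBOM is byte-for-byte the one checked here."""
    canon = json.dumps(sbom, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


if __name__ == "__main__":
    for name, doc in (("cyclonedx", CYCLONEDX_SBOM), ("spdx", SPDX_SBOM)):
        bound = check_sbom_binds_artifact(doc, ARTIFACT)
        print(f"{name}: binds artifact={bound} sbom sha256={sbom_digest(doc)}")
```

Run this against the real SBOM and artifact in the same CI step that calls sourceseal sign, and abort the signing step when check_sbom_binds_artifact returns False; a tampered or swapped artifact then fails before any attestation is produced rather than being signed with an inventory that belongs to something else.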