SPDX 3 SBOM Visualizer

Drop one or more SPDX 3 (3.0 / 3.1) JSON-LD files to explore

Multiple files will be merged — cross-references resolved automatically

Drag & drop your .json or .jsonld files here

or

or explore sample SBOMs

View & fork on GitHub

Created by Benjamin Cabé

SPDX Created By

Browse this SBOM

Only data present in this document is shown.

click to show/hide Nodes: Edges:
Filter by most-used extension:

Supply Chain

Transport CO₂e
·
Timeline
No supply-chain elements match these filters
requirements
No licenses found
Public vulnerability databases
OSV NVD
NVD options · bundled index · live lookup
NVD source
Use a pre-indexed local NVD snapshot (fast) or query NVD live (slower).
This product uses data from the NVD but is not endorsed or certified by the NVD. CVE is a registered trademark of MITRE. See the NVD Terms of Use.
No additional vulnerabilities were found online for this SBOM's components.
Referenced files in this SBOM
Severity
Source
No vulnerabilities match your filters No known vulnerabilities were found in the SBOM or online. This SBOM carries no vulnerability data. Use “Check public databases” above to look up known CVEs by PackageURL and CPE.

No build configurations found

Try a different search or load an SPDX file with build info

Build

Build ID
Created
Build steps
Environment entries
Parameters
Config Sources
Build Parameters

Build Steps

Build Tools

Generated Artifacts

People, organizations, and software agents referenced across the document — and everything they created, supplied, originated, or manufactured.

No agents match your filter.

Statistics

Quality, structure, and relationship signals for this SBOM.

/ 100

SBOM Quality Score

A completeness score across this document's packages, weighted over five categories based on the NTIA "minimum elements" baseline. It is not a security or license-compliance measure; see the breakdown below for what to fix first.

Relationship Repartition

Graph-visible relationship edges by type. Switch scope to isolate lifecycle layers.

No graph-visible relationships in this document.
Click a slice to open the graph focused on that relationship type and scope.

NTIA Minimum Elements

Cross-checked with spdx/ntia-conformance-checker in CI

Category Breakdown

Categories with nothing to measure in this document (e.g. no files) are excluded and the remaining weights are renormalized.

License Family Exposure

Best-effort classification by license id — a heuristic, not legal advice.

Supply-Chain Concentration

Packages the most other packages depend on — the highest-impact links if compromised.

External Reference Resolution

Elements this document references but doesn't define (SPDX ExternalMap imports).

Resolved
Unresolved

Vulnerability Triage

How much of this document's known vulnerabilities have a resolved VEX status.

Resolved
Still open
Unknown

Remediation

Triage concrete SBOM data gaps and open risk findings.

Category
Severity
No remediation findings

The loaded SBOM does not currently produce actionable remediation findings.

No findings match these filters

Online scan finding

This vulnerability was found by a public-database scan, not carried by the loaded SBOM. Everything else about it is shown just like an in-SBOM vulnerability.

Matched components
External reference not loaded

This element is defined outside the loaded document(s). Load the source below to resolve its full details.

Location hint
Defining artifact
Imported by
Asserted integrity
Manufacturer
Safety status
Evaluation
Version
Size
Summary
Description
Homepage
Download location
Identifiers
Copyright
Note
Key Flags
Defines
Build ID
Build Type
Command
Environment
Build Parameters
Verification
Loading CVE details…

Source: CVE Program · cve.org
VEX assessments
Why it's here
What depends on it
direct · transitively
Vulnerabilities (VEX)
Email
Not linked to any elements in the loaded document(s).
No relationships found
Source
Loading source…
Could not load source:
Source not available for this file.
License exception
Loading license text…

    
What's new
SPDX 3 SBOM Visualizer
No matches for “
navigate open