Scope

Updated: 2024-11-25 SBOM Central

What is an SBOM?

From the National Telecommunications and Information Administration (NTIA) SBOM FAQ: “A Software Bill of Materials (SBOM) is a complete, formally structured list of components, libraries, and modules that are required to build (i.e., compile and link) a given piece of software and the supply chain relationships between them. These components can be open source or proprietary, free or paid, and widely available or restricted access.”

In practice, the SBOM is the inventory of components in your software, each of which may carry vulnerabilities that attackers can exploit.

What is SBOM Central?

SBOM Central is an easy-to-use service for uploading, managing, monitoring, and sharing your SBOMs. Read more at https://sbomcentral.com

SBOM Central consists of:

  1. A multi-tenant Web Service (WebApp) with a comprehensive web-based user interface and a RestAPI designed for integration with CI/CD automation.
  2. A centralized Information Service that delivers the data WebApp clients depend on: vulnerabilities, exploits, versions, licensing, and other health details.

SBOM Central's main features:

  • Vulnerability detection: continuously scans the components in your SBOMs and presents the current status regarding published vulnerabilities, weaknesses, and exploits.
  • Continuous monitoring: monitors and updates security and health information for your SBOMs. Notifications can be provided for selected releases.
  • Management Tools: to manage risks and decide on vulnerability remediation and open-source licensing.
  • Software Health: provides health data regarding component versions and updates, project activity, and more.
  • FOSS Licensing: to manage open-source licensing to comply with organizational requirements.
  • WebApp & RestAPI: upload your SBOM documents through the WebApp user interface and/or the RestAPI.
  • Web tools: to create artifacts and SBOMs, plus a Dictionary service to support naming and versioning.

SBOM Central currently consumes CycloneDX (v1.2-1.6) JSON input formats.
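Because the service only accepts CycloneDX JSON in the 1.2 to 1.6 range, a CI pipeline benefits from a pre-upload sanity check that rejects malformed documents before they reach the RestAPI and that flags components whose weak identification (no purl) will make vulnerability matching less reliable. The following Python script is an added example, not part of SBOM Central or the CycloneDX project; the sample SBOM embedded in it is constructed, and the field names used (bomFormat, specVersion, components, purl) are the standard CycloneDX JSON keys.

```python
import json

# Spec versions the page states SBOM Central accepts (CycloneDX 1.2 through 1.6).
SUPPORTED_SPEC_VERSIONS = {"1.2", "1.3", "1.4", "1.5", "1.6"}

# Constructed sample: a minimal CycloneDX 1.5 JSON SBOM with one nested component
# and one component that lacks a purl.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "application", "name": "example-app", "version": "2.0.0"}},
    "components": [
        {"type": "library", "name": "example-http", "version": "1.4.2",
         "purl": "pkg:pypi/example-http@1.4.2",
         "components": [
             {"type": "library", "name": "example-tls", "version": "0.9.0",
              "purl": "pkg:pypi/example-tls@0.9.0"}
         ]},
        {"type": "library", "name": "example-json", "version": "3.1.0"}  # no purl
    ],
})


def flatten_components(components):
    """Yield every component, descending into nested 'components' lists."""
    for comp in components or []:
        yield comp
        yield from flatten_components(comp.get("components"))


def check_cyclonedx(text):
    """Validate a CycloneDX JSON document before upload.

    Returns (ok, findings, inventory):
      ok        - True when no hard error was found (warnings do not block upload)
      findings  - list of strings; warnings are prefixed with 'warning:'
      inventory - list of (name, version, purl-or-None) for every component
    """
    findings = []
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return False, [f"not valid JSON: {exc}"], []
    if not isinstance(doc, dict):
        return False, ["top-level JSON value is not an object"], []

    if doc.get("bomFormat") != "CycloneDX":
        findings.append(f"bomFormat is {doc.get('bomFormat')!r}, expected 'CycloneDX'")
    spec = doc.get("specVersion")
    if spec not in SUPPORTED_SPEC_VERSIONS:
        findings.append(f"specVersion {spec!r} is outside the supported range 1.2-1.6")

    inventory = []
    for comp in flatten_components(doc.get("components")):
        name, version, purl = comp.get("name"), comp.get("version"), comp.get("purl")
        if not name or not version:
            findings.append(f"component missing name or version: {comp!r}")
            continue
        if purl is None:
            # Without a purl, matching against vulnerability databases relies on
            # name/version heuristics, so surface it for the SBOM producer.
            findings.append(f"warning: {name}@{version} has no purl; vulnerability matching may be weaker")
        inventory.append((name, version, purl))

    hard_errors = [f for f in findings if not f.startswith("warning:")]
    return not hard_errors, findings, inventory


if __name__ == "__main__":
    ok, findings, inventory = check_cyclonedx(SAMPLE_SBOM)
    print("upload allowed:", ok)
    for line in findings:
        print(" -", line)
    for name, version, purl in inventory:
        print(f"{name}@{version}  purl={purl}")
```

Run it on the exported SBOM in the build job and fail the job when `ok` is False; the warnings are worth reporting but should not block the upload, since an SBOM with weak identifiers is still better than none.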

Results