Overview

SBOM Security Dashboard

Analyze a Software Bill of Materials (SBOM) for security vulnerabilities, compliance issues, and supply chain risks using the SAFE-MCP framework, aligned with NIST SP 800-53 controls.

Upload Scan Results

Drag and drop, or click, to upload a file. Accepted inputs:

  • CycloneDX - SBOM JSON
  • modelaudit - Scan JSON
  • OSCAL - Catalog/SSP
  • XCCDF - Checklist XML

How to Use This Dashboard

Getting Started

  1. Generate an SBOM from your project using tools like syft, cyclonedx-cli, or your build system
  2. Upload the JSON file using the button above (supports CycloneDX and SPDX formats)
  3. Review the security analysis, vulnerability findings, and compliance status
  4. Use the PURL lookup to check individual packages against the OSV.dev vulnerability database

Features

  • SAFE-MCP Analysis - Detects agentic AI attack techniques with NIST 800-53 mapping and mitigations
  • CVE Detection - Identifies known vulnerabilities with CWE/CAPEC/EPSS data
  • PURL Lookup - Query OSV.dev for real-time vulnerability information
  • License Analysis - Review component licenses and compliance risks
  • VEX Annotations - Add vulnerability exploitability statements
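
The SBOM intake and PURL lookup steps above, together with the VEX annotation feature, as an added worked example (not code from the dashboard or its project): it extracts package URLs from a CycloneDX or SPDX JSON SBOM, builds the request body for OSV.dev's documented POST /v1/querybatch endpoint, and applies CycloneDX VEX analysis states to the resulting findings. The SBOM, the OSV response and the VEX document are constructed samples with fictional package names and placeholder advisory IDs (EXAMPLE-2024-000x); nothing is sent over the network.

```python
import json
# Constructed sample inputs: fictional package names and placeholder advisory IDs.
CYCLONEDX_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "components": [{
        "type": "library", "name": "example-widget", "version": "1.0.0",
        "purl": "pkg:npm/example-widget@1.0.0",
        # CycloneDX allows nested components (bundled dependencies); walk them too.
        "components": [{"type": "library", "name": "example-client", "version": "2.0.0",
                        "purl": "pkg:pypi/example-client@2.0.0"}],
    }],
})
SPDX_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app",
    "packages": [{
        "SPDXID": "SPDXRef-Package-core", "name": "example-core", "versionInfo": "3.1.0",
        "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                          "referenceLocator": "pkg:maven/org.example/example-core@3.1.0"}],
    }],
})
# Shape of an OSV /v1/querybatch response: one result per query, in query order;
# each lists only vulnerability ids (details need a follow-up /v1/vulns/{id} call).
OSV_RESPONSE = {"results": [
    {"vulns": [{"id": "EXAMPLE-2024-0001"}, {"id": "EXAMPLE-2024-0002"}]},
    {},
    {"vulns": [{"id": "EXAMPLE-2024-0003"}]},
]}
# CycloneDX VEX: the first statement matches a finding; the second names a
# different version of the package and therefore must not suppress anything.
VEX_DOC = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "vulnerabilities": [
        {"id": "EXAMPLE-2024-0001",
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
         "affects": [{"ref": "pkg:npm/example-widget@1.0.0"}]},
        {"id": "EXAMPLE-2024-0003",
         "analysis": {"state": "not_affected", "justification": "code_not_present"},
         "affects": [{"ref": "pkg:maven/org.example/example-core@3.0.0"}]},
    ],
})

SUPPORTED_CYCLONEDX = {"1.4", "1.5", "1.6"}
SUPPORTED_SPDX = {"SPDX-2.2", "SPDX-2.3"}
# CycloneDX analysis states under which a finding is closed for reporting purposes.
SUPPRESSING_STATES = {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}

def extract_purls(sbom_json):
    """Package URLs in a CycloneDX or SPDX JSON SBOM, in document order.
    Rejects documents outside the format versions the dashboard accepts."""
    doc = json.loads(sbom_json)
    purls = []
    if doc.get("bomFormat") == "CycloneDX":
        if doc.get("specVersion") not in SUPPORTED_CYCLONEDX:
            raise ValueError(f"unsupported CycloneDX specVersion: {doc.get('specVersion')!r}")
        queue = list(doc.get("components", []))
        while queue:
            comp = queue.pop(0)
            if comp.get("purl"):
                purls.append(comp["purl"])
            queue.extend(comp.get("components", []))
    elif "spdxVersion" in doc:
        if doc["spdxVersion"] not in SUPPORTED_SPDX:
            raise ValueError(f"unsupported SPDX version: {doc['spdxVersion']!r}")
        for pkg in doc.get("packages", []):
            for ref in pkg.get("externalRefs", []):
                if ref.get("referenceType") == "purl":
                    purls.append(ref["referenceLocator"])
    else:
        raise ValueError("not a CycloneDX or SPDX JSON document")
    return purls

def osv_querybatch_payload(purls):
    """Request body for POST https://api.osv.dev/v1/querybatch; duplicates dropped, order kept."""
    return {"queries": [{"package": {"purl": p}} for p in dict.fromkeys(purls)]}

def triage(payload, osv_response, vex_json):
    """Join OSV results back to the queried PURLs and apply VEX analysis states.
    A statement suppresses a finding only when both the purl and the id match."""
    statements = {}
    for vuln in json.loads(vex_json).get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state", "in_triage")
        for affected in vuln.get("affects", []):
            statements[(affected["ref"], vuln["id"])] = state
    queried = [q["package"]["purl"] for q in payload["queries"]]
    findings = []
    for purl, result in zip(queried, osv_response["results"]):
        for vuln in result.get("vulns", []):
            state = statements.get((purl, vuln["id"]), "in_triage")
            findings.append({"purl": purl, "id": vuln["id"], "state": state,
                             "suppressed": state in SUPPRESSING_STATES})
    return findings

if __name__ == "__main__":
    payload = osv_querybatch_payload(extract_purls(CYCLONEDX_SBOM) + extract_purls(SPDX_SBOM))
    for f in triage(payload, OSV_RESPONSE, VEX_DOC):
        print(f["purl"], f["id"], f["state"], "suppressed" if f["suppressed"] else "open")
```

Two practical caveats. OSV limits the number of queries per batch request and can paginate large result sets, so check the API documentation before wiring this to a real SBOM with thousands of components. In CycloneDX VEX, `affects[].ref` is a bom-ref; the example assumes the SBOM uses the PURL as its bom-ref, which is common but not required, so an SBOM with opaque bom-refs needs a bom-ref-to-PURL mapping before the statements can be matched.
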

Supported File Formats

  • CycloneDX SBOM - JSON (v1.4-1.6)
  • SPDX SBOM - JSON (v2.2-2.3)
  • ModelAudit Scan - JSON results
  • CSAF/VEX - Advisory documents