sbom-analysis

Community

Comprehensive SBOM assessment for security and compliance.

Author: do360now
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill enables detailed analysis of Software Bills of Materials (SBOMs), ensuring consistency, completeness, and security compliance.

Core Features & Use Cases

  • SBOM Format Identification: Determines from the document's self-identifying fields (bomFormat/specVersion for CycloneDX, spdxVersion for SPDX) whether the SBOM is CycloneDX 1.5 or SPDX 2.3, and checks structural validity.
  • NTIA Minimum Elements Verification: Assesses whether the NTIA minimum elements are present and complete: supplier name, component name, component version, other unique identifiers (such as a purl or CPE), dependency relationships, author of the SBOM data, and timestamp.
  • Risk and Vulnerability Analysis: Examines dependencies for known CVEs, transitive dependency risks, license conflicts, and stale dependencies.
  • VEX Status Interpretation: Reviews CSAF VEX documents to determine vulnerability impact and affected status.
  • Dependency Graph Construction: Maps direct and transitive dependencies, analyzing depth, orphan components, and high-risk dependencies.
  • License Conflict Detection: Identifies incompatible licenses and license omissions.
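As an added example, not code from the sbom-analysis skill itself, the Python below implements three of the features listed above on one pass over an SBOM: format identification, the NTIA minimum-element check, and dependency-graph construction with depth and orphan detection. Both SBOM documents are constructed for the example; field handling follows the CycloneDX 1.5 JSON and SPDX 2.3 JSON layouts, and treating a purl or CPE as the "unique identifier" and SPDX `NOASSERTION` as a missing supplier are this example's own choices.

```python
"""SBOM triage: identify format, check NTIA minimum elements, map dependencies.
Added example; not the sbom-analysis skill's own code. Sample SBOMs are constructed."""
import json
from collections import deque

# NTIA minimum elements (2021): per component a supplier, name, version and unique
# identifier; per document an author and timestamp; plus dependency relationships.
FIELDS = ("supplier", "name", "version", "identifier")

def identify_format(doc):
    """Label the document from its self-identifying top-level fields."""
    if doc.get("bomFormat") == "CycloneDX":
        return "CycloneDX " + str(doc.get("specVersion", "?"))
    if isinstance(doc.get("spdxVersion"), str):
        return doc["spdxVersion"].replace("SPDX-", "SPDX ")
    return "unknown"

def normalize(doc):
    """Flatten either format to (root_ref, has_author, timestamp, components, edges)."""
    fmt, comps, edges, root, author, ts = identify_format(doc), {}, [], None, False, None
    if fmt.startswith("CycloneDX"):
        meta = doc.get("metadata", {})
        root = (meta.get("component") or {}).get("bom-ref")
        author, ts = bool(meta.get("authors") or meta.get("tools")), meta.get("timestamp")
        for c in doc.get("components", []):
            comps[c.get("bom-ref")] = {"supplier": (c.get("supplier") or {}).get("name"),
                                       "name": c.get("name"), "version": c.get("version"),
                                       "identifier": c.get("purl") or c.get("cpe")}
        for d in doc.get("dependencies", []):
            edges += [(d["ref"], dep) for dep in d.get("dependsOn", [])]
    elif fmt.startswith("SPDX"):
        ci = doc.get("creationInfo", {})
        author, ts = bool(ci.get("creators")), ci.get("created")
        for p in doc.get("packages", []):
            ids = [r["referenceLocator"] for r in p.get("externalRefs", [])
                   if r.get("referenceType") in ("purl", "cpe23Type")]
            sup = p.get("supplier")  # example's choice: NOASSERTION counts as missing
            comps[p["SPDXID"]] = {"supplier": None if sup in (None, "NOASSERTION") else sup,
                                  "name": p.get("name"), "version": p.get("versionInfo"),
                                  "identifier": ids[0] if ids else None}
        for r in doc.get("relationships", []):
            if r.get("relationshipType") == "DESCRIBES":
                root = r["relatedSpdxElement"]
            elif r.get("relationshipType") == "DEPENDS_ON":
                edges.append((r["spdxElementId"], r["relatedSpdxElement"]))
    return root, author, ts, comps, edges

def check_ntia(doc):
    """Map each non-compliant ref to its missing fields; '_document' holds doc-level gaps."""
    _, author, ts, comps, edges = normalize(doc)
    findings = {ref: [f for f in FIELDS if not c[f]] for ref, c in comps.items()}
    findings = {k: v for k, v in findings.items() if v}
    gaps = [n for n, ok in (("author", author), ("timestamp", ts), ("relationships", edges)) if not ok]
    if gaps:
        findings["_document"] = gaps
    return findings

def dependency_graph(doc):
    """BFS from the root: return (depth per reachable ref, sorted orphan refs never reached)."""
    root, _, _, comps, edges = normalize(doc)
    children = {}
    for src, dst in edges:
        children.setdefault(src, []).append(dst)
    depth, queue = ({root: 0}, deque([root])) if root is not None else ({}, deque())
    while queue:
        n = queue.popleft()
        for c in children.get(n, []):
            if c not in depth:
                depth[c] = depth[n] + 1
                queue.append(c)
    return depth, sorted(r for r in comps if r not in depth)

# Constructed CycloneDX 1.5 SBOM: one compliant library, one without a supplier,
# and one "stray" component no dependency edge reaches.
CDX = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
 "metadata": {"timestamp": "2024-05-01T10:00:00Z", "tools": [{"name": "example-gen"}],
   "component": {"bom-ref": "app", "type": "application", "name": "shop", "version": "2.1.0"}},
 "components": [
  {"bom-ref": "pkg:pypi/alpha@1.0.0", "type": "library", "name": "alpha", "version": "1.0.0",
   "purl": "pkg:pypi/alpha@1.0.0", "supplier": {"name": "Example Org"}},
  {"bom-ref": "pkg:pypi/beta@2.0.0", "type": "library", "name": "beta", "version": "2.0.0",
   "purl": "pkg:pypi/beta@2.0.0"},
  {"bom-ref": "stray", "type": "library", "name": "stray"}],
 "dependencies": [{"ref": "app", "dependsOn": ["pkg:pypi/alpha@1.0.0"]},
                  {"ref": "pkg:pypi/alpha@1.0.0", "dependsOn": ["pkg:pypi/beta@2.0.0"]}]}""")

# Constructed SPDX 2.3 SBOM: the described package lacks a unique identifier,
# its dependency has supplier NOASSERTION.
SPDX = json.loads("""{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "shop",
 "creationInfo": {"created": "2024-05-01T10:00:00Z", "creators": ["Tool: example-gen"]},
 "packages": [
  {"SPDXID": "SPDXRef-shop", "name": "shop", "versionInfo": "2.1.0", "supplier": "Organization: Example Org"},
  {"SPDXID": "SPDXRef-alpha", "name": "alpha", "versionInfo": "1.0.0", "supplier": "NOASSERTION",
   "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                     "referenceLocator": "pkg:pypi/alpha@1.0.0"}]}],
 "relationships": [
  {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-shop"},
  {"spdxElementId": "SPDXRef-shop", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-alpha"}]}""")

if __name__ == "__main__":
    for sbom in (CDX, SPDX):
        print(identify_format(sbom), check_ntia(sbom), dependency_graph(sbom))
```

On the CycloneDX sample the check flags `beta` for a missing supplier and `stray` for missing supplier, version and identifier, and the graph reports `stray` as an orphan at no depth; on the SPDX sample it flags the described package for having no purl/CPE and its dependency for a `NOASSERTION` supplier. A document with no recognised format yields only document-level gaps (author, timestamp, relationships), which is the signal to stop and inspect the file rather than trust any component-level result.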

Quick Start

Invoke the sbom-analysis skill on your SBOM files to identify format, completeness, dependency vulnerabilities, and license risks immediately.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: sbom-analysis
Download link: https://github.com/do360now/security-agents/archive/main.zip#sbom-analysis

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
