We support tracking dependencies in CycloneDX SBOM using files in JSON and XML formats.
We recommend naming your SBOM files .*bom.*\.json or .*bom.*\.xml to allow us to quickly identify them.
The features actually supported for your SBOM depend on the individual libraries it includes and on their package managers.
Supported file formats and features:
| Language | Supported File Formats | Root dependencies | Indirect dependencies | Dependency trees | Security Scanning | License Scanning | Root Fix |
|---|---|---|---|---|---|---|---|
| CycloneDX SBOM | bom.json | ✓ | ✓ | | ✓ | ✓ | |
| CycloneDX SBOM | bom.xml | ✓ | ✓ | | ✓ | ✓ | |
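A pre-upload check for the naming recommendation above, as an added example (not Debricked's code): it flags CycloneDX files whose names fall outside the recommended patterns and files that match the pattern but are not CycloneDX. Assumptions: the patterns are applied as a case-sensitive full match on the base file name, the function names are hypothetical, and the sample files are constructed.

```python
import json
import re
import xml.etree.ElementTree as ET

# Patterns from the naming recommendation; full match on the base name is an assumption.
RECOMMENDED = (re.compile(r".*bom.*\.json"), re.compile(r".*bom.*\.xml"))
CDX_XML_NS = "http://cyclonedx.org/schema/bom/"  # CycloneDX XML namespace, version suffix omitted


def matches_recommended_name(path: str) -> bool:
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return any(p.fullmatch(base) for p in RECOMMENDED)


def is_cyclonedx(name: str, content: str) -> bool:
    """True if content parses as a CycloneDX BOM in the format the extension implies."""
    try:
        if name.endswith(".json"):
            doc = json.loads(content)
            return isinstance(doc, dict) and doc.get("bomFormat") == "CycloneDX"
        if name.endswith(".xml"):
            # For SBOMs from untrusted sources, parse with defusedxml instead.
            root = ET.fromstring(content)
            return root.tag.startswith("{" + CDX_XML_NS) and root.tag.endswith("}bom")
    except (ValueError, ET.ParseError):
        return False
    return False


def classify(files: dict) -> dict:
    """Map each path to 'ok', 'rename' (CycloneDX but off-pattern) or 'not-sbom'."""
    verdicts = {}
    for path, content in files.items():
        if not is_cyclonedx(path, content):
            verdicts[path] = "not-sbom"
        else:
            verdicts[path] = "ok" if matches_recommended_name(path) else "rename"
    return verdicts

# Constructed sample repository contents (not real project files).
SAMPLE = {
    "bom.json": '{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": []}',
    "build/app-sbom.cdx.xml": '<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1"/>',
    "cyclonedx.json": '{"bomFormat": "CycloneDX", "specVersion": "1.4"}',
    "bomber-config.json": '{"retries": 3}',
}

for sample_path, verdict in classify(SAMPLE).items():
    print(f"{verdict:8} {sample_path}")
```

A `rename` verdict marks an SBOM that a name-based scan could miss, so a dependency inventory built from it may be silently incomplete.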
Have a look at the overview of all supported languages.
How do I analyze external SBOM files using Debricked? - video guide