A Software Bill of Materials (SBOM) is a complete inventory of the components your software depends on, along with security metadata such as known vulnerabilities and licenses. The common interchange format is CycloneDX.

SBOM and xBOM

  • A plain SBOM lists the dependencies declared in your manifests and lockfiles. Vet generates a CycloneDX SBOM as part of a scan.
  • An xBOM goes further: xBom analyzes your source code to also surface AI SDKs, SaaS APIs, and cryptographic usage that never appear in a manifest.

Use Vet’s SBOM for dependency inventory. Reach for xBom when you also need to see the AI, SaaS, and crypto components your code actually uses.

Why it matters

An accurate inventory underpins vulnerability management, license compliance, and regulatory requirements. You cannot secure what you have not inventoried.
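
To show how a CycloneDX inventory feeds vulnerability management and license compliance, the added example below (not Vet's code or output) reads a CycloneDX JSON document, joins each vulnerability to the component it affects through `bom-ref`, and lists declared licenses. The sample document, its package names and the vulnerability id are constructed placeholders, and a flat `components` list is assumed.

```python
import json

# Constructed sample: a minimal CycloneDX JSON document, not real Vet output.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:npm/example-http@1.2.0", "type": "library",
         "name": "example-http", "version": "1.2.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "pkg:npm/example-yaml@0.9.1", "type": "library",
         "name": "example-yaml", "version": "0.9.1",
         "licenses": [{"expression": "Apache-2.0 OR MIT"}]},
        {"bom-ref": "pkg:npm/example-util@3.0.0", "type": "library",
         "name": "example-util", "version": "3.0.0"},  # no license declared
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-0001",  # placeholder id, not a real advisory
         "affects": [{"ref": "pkg:npm/example-yaml@0.9.1"}]},
    ],
})


def license_names(component):
    """Return the license ids, names or SPDX expressions a component declares."""
    found = [e.get("expression") or e.get("license", {}).get("id")
             or e.get("license", {}).get("name")
             for e in component.get("licenses", [])]
    return [name for name in found if name]


def inventory(bom_text):
    """Join vulnerabilities to components through bom-ref, one row per component."""
    bom = json.loads(bom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    vulns_by_ref = {}
    for vuln in bom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            vulns_by_ref.setdefault(target["ref"], []).append(vuln["id"])
    return [{"name": c["name"], "version": c.get("version"),
             "licenses": license_names(c),
             "vulnerabilities": vulns_by_ref.get(c.get("bom-ref"), [])}
            for c in bom.get("components", [])]


if __name__ == "__main__":
    for row in inventory(SAMPLE_BOM):
        flag = "" if row["licenses"] else "  <- no declared license"
        print(row["name"], row["version"], row["licenses"], row["vulnerabilities"], flag)
```

A component with an empty license list is a compliance gap to chase, and one with a non-empty vulnerability list is a triage item.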

CycloneDX SBOM

Generate an SBOM with Vet.

xBom

Enriched BOMs from static code analysis.

Dependency Inventory

Inventory your dependencies with Vet.