Key Features

  • Beyond Manifests: xBom doesn’t just look at your declared dependencies. It analyzes your code to find actual evidence of AI SDKs, cloud service APIs, and other critical components, providing a true inventory of what your application uses.
  • Extensible Signatures: xBom uses a system of signatures to detect various components. You can add your own custom signatures to identify proprietary or less common tools, tailoring xBom to your specific needs. These signatures are maintained in a community-driven repository.
  • Robust Compliance: In an era of increasing focus on software supply chain security and transparency (e.g., Executive Orders, industry standards), xBom helps you meet these requirements by providing a detailed and accurate BOM. It’s a single tool to assist with various compliance needs.
  • Multi-ecosystem Support: xBom is designed to work with multiple programming languages and ecosystems. Currently, it actively supports Java and Python, with more languages like JavaScript in progress.
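
The gap between declared dependencies and what the code actually imports, and the idea of signature-driven detection, can be shown with a short added Python example. This is not xBom's code or its signature format: the signature table, function names, and sample inputs are assumptions constructed for illustration.

```python
import ast
import re
# Hypothetical signatures (constructed, not xBom's signature format):
# import prefix -> (component label, package name expected in the manifest)
SIGNATURES = {
    "openai": ("AI SDK: OpenAI", "openai"),
    "boto3": ("Cloud API: AWS SDK", "boto3"),
    "google.cloud.storage": ("Cloud API: GCS", "google-cloud-storage"),
}

def imported_modules(source):
    """Return every dotted module name imported anywhere in the source."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            # `from google.cloud import storage` may import google.cloud.storage
            found.add(node.module)
            found.update(f"{node.module}.{a.name}" for a in node.names)
    return found

def declared_packages(requirements_text):
    """Parse package names from a simple requirements.txt body."""
    names = set()
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith("-"):
            name = re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0]
            names.add(name.lower().replace("_", "-"))
    return names

def inventory(source, requirements_text):
    """Map each detected component to True if the manifest declares it."""
    modules = imported_modules(source)
    declared = declared_packages(requirements_text)
    return {
        label: package in declared
        for prefix, (label, package) in SIGNATURES.items()
        if any(m == prefix or m.startswith(prefix + ".") for m in modules)
    }

# Constructed sample input: one lazy import that the manifest never declares.
SAMPLE_SOURCE = (
    "from google.cloud import storage\n"
    "def handler():\n"
    "    import openai  # imported inside a function\n"
)
SAMPLE_REQUIREMENTS = "requests==2.31.0\ngoogle-cloud-storage>=2.0  # pinned\n"
```

Calling inventory(SAMPLE_SOURCE, SAMPLE_REQUIREMENTS) reports the OpenAI SDK as used but undeclared, which is the kind of component a manifest-only BOM would miss.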