Grant
Theme fund: NGI0 Commons Fund
Start: 2026-06

SBOMVert

Generate, compare, and unify SBOMs and vulnerability reports

SBOMVert is an open-source utility designed to simplify the comparison, normalization, and harmonization of Software Bills of Materials (SBOMs) across different formats and tooling ecosystems.

As organizations increasingly adopt SBOMs for software supply chain security, they often encounter inconsistencies between formats such as SPDX and CycloneDX, as well as variations introduced by different generators and scanners. SBOMVert addresses this challenge by providing a consistent way to analyze and reconcile SBOM data, enabling teams to identify discrepancies, align component metadata, and improve interoperability between security and compliance workflows.

By supporting SBOM comparison and harmonization, SBOMVert helps security teams reduce noise caused by duplicate or mismatched component records while improving the reliability of downstream tooling such as vulnerability scanners, policy engines, and asset inventories. The tool contributes to a more standardized SBOM ecosystem, making it easier for organizations to integrate SBOM analysis into CI/CD pipelines and broader software assurance initiatives.

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).