SBOM

Overview

Kaleidoscope's Software Bill of Materials (SBOM) service provides comprehensive vulnerability scanning and dependency analysis across multiple programming languages and package managers. The SBOM service supports a wide range of ecosystems and package formats for thorough security analysis.

Supported Languages and Package Managers

| Language/Technology | Package Manager | Supported Files/Formats | Transitive Dependency Support |
| --- | --- | --- | --- |
| JavaScript/Node.js | npm, yarn | package-lock.json, yarn.lock | ✓ (package-lock.json only) |
| Python | pip, poetry | requirements.txt, pyproject.toml, wheel, egg | ✓ (requirements.txt only) |
| Go | Go modules | go.mod, Go binaries | ✓ |
| C#/.NET | dotnet | deps.json | ✗ |
| PHP | Composer, PECL, Pear | composer.lock | ✓ |
| Java | Maven, Gradle | jar, ear, war, par, sar, nar, native-image | ✗ |
| Ruby | gem | Gemfile.lock | ✗ |
| Rust | Cargo | Cargo.lock, auditable binaries | ✗ |
| Swift | CocoaPods, Swift Package Manager | Podfile.lock, Swift package manifests | ✗ |
| Objective-C | CocoaPods | Podfile.lock | ✗ |
| C/C++ | Conan | Conan manifests | ✗ |
| Dart | pub | pubspec.lock | ✗ |
| Elixir | mix | mix.lock | ✗ |
| Erlang | rebar3 | Rebar lock files | ✗ |
| Haskell | cabal, stack | Cabal files, Stack manifests | ✗ |

System Package Managers

| Distribution/System | Package Manager | Supported Formats |
| --- | --- | --- |
| Alpine Linux | apk | apk packages |
| Debian/Ubuntu | dpkg | dpkg packages |
| Red Hat/CentOS/Fedora | rpm | rpm packages |
| Bitnami | Bitnami | Bitnami packages |
| Nix | Nix | Outputs in /nix/store |

Additional Supported Formats

| Category | Technology | Supported Files |
| --- | --- | --- |
| Infrastructure | Terraform | .terraform.lock.hcl |
| CI/CD | Jenkins | .jpi, .hpi plugins |
| CMS | WordPress | WordPress plugins |
| System | Linux Kernel | vmlinuz archives, .ko modules |

Getting Started

To enable SBOM analysis for repositories:

  1. Ensure repositories contain supported manifest files or package formats

  2. Configure the relevant blueprint with appropriate permissions (repo scope)

  3. Monitor results in the Kaleidoscope dashboard
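A local pre-check for step 1, as an added example that is not part of Kaleidoscope or its documentation: it walks a checkout, finds the exactly named manifests from the language table, and lists directories where only direct dependencies would be resolved. It reads the "only" notes in the table as meaning that transitive resolution needs that specific file; the function names, the skipped directory names and the sample layout are assumptions made for illustration.

```python
import os
import tempfile

# Subset of file names and transitive flags copied from the language table
# above, matched case-insensitively. Archives and binaries are not checked.
MANIFESTS = {
    "package-lock.json": ("JavaScript/Node.js", True),
    "yarn.lock": ("JavaScript/Node.js", False),
    "requirements.txt": ("Python", True),
    "pyproject.toml": ("Python", False),
    "go.mod": ("Go", True),
    "composer.lock": ("PHP", True),
    "gemfile.lock": ("Ruby", False),
    "cargo.lock": ("Rust", False),
}
SKIP_DIRS = {".git", "node_modules", "vendor", ".venv"}  # assumed: not first-party

def audit_repo(root):
    """Map each directory holding a manifest to {ecosystem: coverage level}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if name.lower() not in MANIFESTS:
                continue
            ecosystem, transitive = MANIFESTS[name.lower()]
            found = report.setdefault(os.path.relpath(dirpath, root), {})
            # One transitive-capable manifest lifts the whole ecosystem.
            if transitive or ecosystem not in found:
                found[ecosystem] = "transitive" if transitive else "direct-only"
    return report

def coverage_gaps(report):
    """Directories whose manifests yield direct dependencies only."""
    return sorted((d, eco) for d, ecos in report.items()
                  for eco, level in ecos.items() if level == "direct-only")

def build_sample_repo(root):  # constructed layout, used by the demo below
    for rel in ("package-lock.json", "yarn.lock", "web/yarn.lock", "api/pyproject.toml",
                "worker/requirements.txt", "worker/go.mod", "web/node_modules/pkg/yarn.lock"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        for directory, ecosystem in coverage_gaps(audit_repo(tmp)):
            print(f"{directory}: {ecosystem} resolves direct dependencies only")
```

For a directory reported as a gap, committing the transitive-capable manifest for that ecosystem (package-lock.json or requirements.txt) closes it under the table's rules.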

For specific configuration details, refer to the relevant blueprint documentation:
