SBOM
Overview
Kaleidoscope's Software Bill of Materials (SBOM) service provides vulnerability scanning and dependency analysis across multiple programming languages, package managers and package formats. The ecosystems it recognises are listed below; a repository only gets SBOM coverage for an ecosystem if it contains one of the listed manifest, lock or package formats.
Supported Languages and Package Managers

| Language | Package managers | Supported formats | Status (β = beta) |
|---|---|---|---|
| JavaScript/Node.js | npm, yarn | package-lock.json, yarn.lock | β (package-lock.json only) |
| Python | pip, poetry | requirements.txt, pyproject.toml, wheel, egg | β (requirements.txt only) |
| Go | Go modules | go.mod, Go binaries | β |
| C#/.NET | dotnet | deps.json | β |
| PHP | Composer, PECL, Pear | composer.lock | β |
| Java | Maven, Gradle | jar, ear, war, par, sar, nar, native-image | β |
| Ruby | gem | Gemfile.lock | β |
| Rust | Cargo | Cargo.lock, auditable binaries | β |
| Swift | CocoaPods, Swift Package Manager | Podfile.lock, Swift package manifests | β |
| Objective-C | CocoaPods | Podfile.lock | β |
| C/C++ | Conan | Conan manifests | β |
| Dart | pub | pubspec.lock | β |
| Elixir | mix | mix.lock | β |
| Erlang | rebar3 | Rebar lock files | β |
| Haskell | cabal, stack | Cabal files, Stack manifests | β |
System Package Managers

| Distribution / source | Package manager | Supported formats |
|---|---|---|
| Alpine Linux | apk | apk packages |
| Debian/Ubuntu | dpkg | dpkg packages |
| Red Hat/CentOS/Fedora | rpm | rpm packages |
| Bitnami | Bitnami | Bitnami packages |
| Nix | Nix | Outputs in /nix/store |
Additional Supported Formats

| Category | Technology | Supported formats |
|---|---|---|
| Infrastructure | Terraform | .terraform.lock.hcl |
| CI/CD | Jenkins | .jpi and .hpi plugins |
| CMS | WordPress | WordPress plugins |
| System | Linux Kernel | vmlinuz archives, .ko modules |
Getting Started
To enable SBOM analysis for repositories:
1. Ensure repositories contain supported manifest files or package formats.
2. Configure the relevant blueprint with appropriate permissions (repo scope).
3. Monitor results in the Kaleidoscope dashboard.
For specific configuration details, refer to the relevant blueprint documentation.
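The first step above is easy to get wrong in practice: a repository can look fully covered (a yarn.lock or pyproject.toml is present) while the beta only reads package-lock.json or requirements.txt, so the scanner produces no SBOM for that ecosystem. The following pre-flight script is an added example, not Kaleidoscope's own tooling. It walks a checkout, reports which of the manifest and lock files from the tables above are present, and warns where an ecosystem's only manifests fall outside the stated beta coverage. Filenames the page lists generically ("Swift package manifests", "Conan manifests", "Rebar lock files", "Cabal files, Stack manifests") are mapped to their conventional names and marked as assumptions in the table; binary formats (jar, wheel, .ko, OS package databases) are not filename checks and are left out.

```python
"""Pre-flight check for SBOM coverage (added example, not Kaleidoscope's code).

Walk a repository, group the manifest/lock files it contains by ecosystem using
the supported-formats tables from this page, and flag ecosystems whose only
manifests fall outside the beta coverage (e.g. yarn.lock without package-lock.json).
"""
import os
import sys
from collections import defaultdict

# ecosystem -> {"names": exact basenames, "suffixes": basename suffixes,
#               "beta_only": subset the beta actually analyses (where the page says so)}
# Entries marked "assumed" are conventional filenames for formats the page names generically.
MANIFESTS = {
    "JavaScript/Node.js": {"names": {"package-lock.json", "yarn.lock"},
                           "beta_only": {"package-lock.json"}},
    "Python": {"names": {"requirements.txt", "pyproject.toml"},
               "beta_only": {"requirements.txt"}},
    "Go": {"names": {"go.mod"}},
    "C#/.NET": {"names": {"deps.json"}, "suffixes": {".deps.json"}},  # dotnet writes <app>.deps.json
    "PHP": {"names": {"composer.lock"}},
    "Ruby": {"names": {"Gemfile.lock"}},
    "Rust": {"names": {"Cargo.lock"}},
    "Swift/Objective-C": {"names": {"Podfile.lock", "Package.swift"}},  # Package.swift assumed
    "C/C++": {"names": {"conanfile.txt", "conanfile.py", "conan.lock"}},  # assumed Conan names
    "Dart": {"names": {"pubspec.lock"}},
    "Elixir": {"names": {"mix.lock"}},
    "Erlang": {"names": {"rebar.lock"}},  # assumed rebar3 lock file name
    "Haskell": {"names": {"stack.yaml"}, "suffixes": {".cabal"}},  # assumed
    "Terraform": {"names": {".terraform.lock.hcl"}},
}


def _matches(name, spec):
    """True if a basename is one of the ecosystem's manifest names or suffixes."""
    return name in spec.get("names", ()) or any(
        name.endswith(s) for s in spec.get("suffixes", ()))


def classify(rel_paths):
    """Group repository-relative paths by the ecosystem whose manifest they are.
    Paths that match no known manifest are dropped."""
    found = defaultdict(list)
    for path in rel_paths:
        name = os.path.basename(path)
        for eco, spec in MANIFESTS.items():
            if _matches(name, spec):
                found[eco].append(path)
    return dict(found)


def beta_warnings(found):
    """One warning per ecosystem whose manifests are present but none of them is
    in the beta-covered subset, i.e. the scanner would emit no SBOM for it."""
    warnings = []
    for eco, paths in found.items():
        covered = MANIFESTS[eco].get("beta_only")
        if covered is None:
            continue  # page states no restriction for this ecosystem
        present = {os.path.basename(p) for p in paths}
        if not present & covered:
            warnings.append(
                f"{eco}: found {sorted(present)} but beta analysis reads "
                f"{sorted(covered)} only; commit one of those as well")
    return warnings


def walk_repo(root):
    """Relative paths of every file under root, skipping the .git directory."""
    paths = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for f in filenames:
            paths.append(os.path.relpath(os.path.join(dirpath, f), root))
    return sorted(paths)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = classify(walk_repo(root))
    for eco, paths in found.items():
        print(f"{eco}: {', '.join(paths)}")
    for w in beta_warnings(found):
        print(f"WARNING {w}")
    if not found:
        print("no supported manifests found; nothing for the SBOM service to analyse")
```

Run it against a checkout (`python sbom_preflight.py path/to/repo`) before enabling the blueprint; a warning means the ecosystem will silently produce no findings until the beta-covered lockfile is committed. The table is deliberately data-driven so it can be updated line by line as the page's coverage changes.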