Launched this week
SBOMHub

Track vulnerabilities across all your software projects

SBOMHub is an open-source dashboard that helps you manage Software Bill of Materials (SBOMs) and track vulnerabilities across all your projects. Import SBOMs from Syft, Trivy, or cdxgen. Get matched against NVD vulnerabilities. Prioritize by EPSS scores. Search CVEs across all projects instantly. Free tier available. Self-host option with AGPL-3.0 license.
Free Options
Launch tags: Open Source • Developer Tools • Security

Youichi Uda
Maker
Hey Product Hunt! 👋 I'm the maker of SBOMHub. Here's why I built it:

Generating SBOMs is easy (Syft, Trivy, etc.). Managing them is hard. When Log4j happened, many teams couldn't quickly answer "are we affected?" because SBOMs were scattered across repos with no central view.

SBOMHub solves this:

✅ Central dashboard for all project SBOMs
✅ Automatic CVE matching from NVD
✅ Cross-project search ("which repos use lodash < 4.17.21?")
✅ EPSS scores to prioritize real risks
✅ CLI for CI/CD integration

It's open-source (AGPL-3.0) and you can self-host for free, or use the cloud version.

Would love your feedback! What features would make this useful for your workflow?