
Overview

Cysmiq generates Software Bills of Materials (SBOMs) from dependency data collected during scans. SBOMs provide an inventory of detected packages and their versions across your codebase.

Format

SBOMs are exported in CycloneDX format, available as:
  • JSON: Machine-readable, suitable for tooling integration
  • XML: Alternative format for systems that require XML

Export levels

SBOMs can be downloaded at different scopes:
  • Application: Aggregates all manifests across all repositories in the application
  • Repository: Includes all manifests discovered in the repository
  • Manifest: Single dependency file (e.g., one package.json)
A repository may contain multiple manifests (e.g., a monorepo with separate package.json files for frontend and backend). The repository-level SBOM combines all of them.

What’s included

Each SBOM contains:
  • Package names and versions
  • Package URLs (purls) for precise identification where available
  • License information where available
  • Dependency relationships between packages
SBOMs are available from Applications, Repositories, and Manifests pages.
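The repository-level aggregation described under Export levels and the fields listed above, as an added Python example that is not Cysmiq's own code: it merges two constructed manifest-level CycloneDX JSON SBOMs (a frontend and a backend package.json in one monorepo) into a single repository-level document, deduplicating components by purl and unioning dependency edges, then checks the merged result for dependency references that name no declared component, components with no license data, and packages present at more than one version. The two sample SBOMs and every package in them are constructed for this example; the field names (bomFormat, components, purl, licenses, dependencies, dependsOn) follow the CycloneDX JSON schema.

```python
"""Merge manifest-level CycloneDX JSON SBOMs into one repository-level SBOM
and run a few sanity checks on the result."""
import json
from collections import defaultdict

# Constructed sample data (not a real Cysmiq export): two manifest-level SBOMs
# for a monorepo with separate frontend and backend package.json files.
FRONTEND_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "bom-ref": "pkg:npm/react@18.2.0", "name": "react",
         "version": "18.2.0", "purl": "pkg:npm/react@18.2.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "bom-ref": "pkg:npm/loose-envify@1.4.0", "name": "loose-envify",
         "version": "1.4.0", "purl": "pkg:npm/loose-envify@1.4.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "bom-ref": "pkg:npm/lodash@4.17.21", "name": "lodash",
         "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
    ],
    "dependencies": [
        {"ref": "pkg:npm/react@18.2.0", "dependsOn": ["pkg:npm/loose-envify@1.4.0"]},
    ],
})
BACKEND_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "bom-ref": "pkg:npm/express@4.18.2", "name": "express",
         "version": "4.18.2", "purl": "pkg:npm/express@4.18.2",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "bom-ref": "pkg:npm/lodash@4.17.20", "name": "lodash",
         "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
    ],
    "dependencies": [
        # body-parser is referenced but never declared as a component
        # (a constructed defect, so the dangling-reference check has something to find)
        {"ref": "pkg:npm/express@4.18.2",
         "dependsOn": ["pkg:npm/lodash@4.17.20", "pkg:npm/body-parser@1.20.2"]},
    ],
})


def component_key(component):
    """Identity of a component: its purl when present, else name@version."""
    return component.get("purl") or f"{component['name']}@{component.get('version', '')}"


def merge_sboms(sbom_texts):
    """Combine manifest-level SBOMs into one repository-level CycloneDX document.
    Components are deduplicated by purl; dependency edges are unioned per ref."""
    components = {}
    depends_on = defaultdict(set)
    for text in sbom_texts:
        bom = json.loads(text)
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError("not a CycloneDX document")
        for comp in bom.get("components", []):
            components.setdefault(component_key(comp), comp)  # first occurrence wins
        for dep in bom.get("dependencies", []):
            depends_on[dep["ref"]].update(dep.get("dependsOn", []))
    return {
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "components": list(components.values()),
        "dependencies": [{"ref": ref, "dependsOn": sorted(targets)}
                         for ref, targets in sorted(depends_on.items())],
    }


def dangling_refs(bom):
    """Refs used in the dependency graph that no component declares."""
    declared = {c.get("bom-ref") or component_key(c) for c in bom["components"]}
    used = set()
    for dep in bom.get("dependencies", []):
        used.add(dep["ref"])
        used.update(dep.get("dependsOn", []))
    return sorted(used - declared)


def unlicensed(bom):
    """Purls of components that carry no license information."""
    return sorted(component_key(c) for c in bom["components"] if not c.get("licenses"))


def multi_version(bom):
    """Package names that appear at more than one version in the merged SBOM."""
    versions = defaultdict(set)
    for c in bom["components"]:
        versions[c["name"]].add(c.get("version", ""))
    return {name: sorted(v) for name, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    repo_bom = merge_sboms([FRONTEND_SBOM, BACKEND_SBOM])
    print(f"{len(repo_bom['components'])} components after merge")
    print("dangling refs:", dangling_refs(repo_bom))
    print("unlicensed:", unlicensed(repo_bom))
    print("multiple versions:", multi_version(repo_bom))
```

Deduplicating on purl rather than on name alone is what keeps the two lodash versions as separate components, which is the behaviour you want when the point of the repository-level SBOM is to show exactly which versions ship; the multi_version check then surfaces that kind of drift between manifests for review.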

Related

  • Assets: how manifests and packages are tracked
  • Dependencies: how dependency vulnerabilities are detected