> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SBOMs

> Software Bills of Materials generated from dependency data.

## Overview

Cysmiq generates Software Bills of Materials (SBOMs) from dependency data collected during scans. SBOMs provide an inventory of detected packages and their versions across your codebase.

## Format

SBOMs are exported in CycloneDX format, available as:

* **JSON**: Machine-readable, suitable for tooling integration
* **XML**: Alternative format for systems that require XML

## Export levels

SBOMs can be downloaded at different scopes:

* **Application**: Aggregates all manifests across all repositories in the application
* **Repository**: Includes all manifests discovered in the repository
* **Manifest**: Single dependency file (e.g., one package.json)

A repository may contain multiple manifests (e.g., a monorepo with separate package.json files for frontend and backend). The repository-level SBOM combines all of them.

## What's included

Each SBOM contains:

* Package names and versions
* Package URLs (purls) for precise identification where available
* License information where available
* Dependency relationships between packages

SBOMs are available from Applications, Repositories, and Manifests pages.

## Related concepts

* [Assets](/concepts/assets): how manifests and packages are tracked
* [Dependencies](/scanning/dependencies): how dependency vulnerabilities are detected
