Free -- No Login Required

Bill of Material Generator

Generate ISO 27001 compliant Software Bill of Materials with vulnerability detection, compliance reporting, and multi-format export

CVE Detection
ISO 27001
SPDX + CycloneDX
Risk Assessment
License Check
VEX Statements

Upload your package.json or entire project

Drag and drop your files here, or click to browse

Vulnerability Detection

CVE detection via OSV.dev, Snyk security scores, and VEX statements for all dependencies

ISO 27001 Compliance

CISA 2025 and EU CRA compliant with SPDX 2.3 and CycloneDX 1.5 export

Monorepo Support

Works with pnpm, yarn, npm workspaces, and Lerna monorepo setups

Monorepo support -- No data stored -- 100% private

SPDX 2.3CycloneDX 1.5ISO 27001
CLI:
pnpm dlx @billofmaterial/cli generate

Made by Marcel Bakloutiv0.3.0