Generate SBOM based on open-source packages

Aikido allows you to export both SBOMs (Software Bill of Materials) and VEX (Vulnerability Exploitability eXchange) files—giving you visibility into your software components and helping you prioritize what actually needs fixing.

Use Cases:

  • SBOM Export (CycloneDX, SPDX or CSV)

    • Share with customers for compliance (e.g., ISO 27001, SOC2).

    • Feed into third-party risk or procurement tools.

  • VEX Export (CycloneDX only)

    • Clearly flag which vulnerabilities are exploitable and which are not applicable.
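As an added illustration of the VEX use case (example code, not Aikido's own tooling or export format), the following Python reads a CycloneDX document in which the VEX analysis is embedded under `vulnerabilities`, and keeps only the findings a consumer still has to act on; the sample SBOM and the `CVE-EXAMPLE-*` ids are constructed placeholders, and the rule that a `not_affected` verdict must carry a justification is an assumption of this example, not a CycloneDX requirement.

```python
import json

# Constructed sample CycloneDX SBOM with embedded VEX analysis (illustration
# only, not an Aikido export; the CVE ids are placeholders).
SAMPLE_BOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:pypi/requests@2.25.0", "type": "library", "name": "requests", "version": "2.25.0"},
        {"bom-ref": "pkg:pypi/jinja2@2.11.0", "type": "library", "name": "jinja2", "version": "2.11.0"},
        {"bom-ref": "pkg:npm/lodash@4.17.15", "type": "library", "name": "lodash", "version": "4.17.15"},
    ],
    "vulnerabilities": [
        {"id": "CVE-EXAMPLE-0001", "affects": [{"ref": "pkg:pypi/requests@2.25.0"}],
         "analysis": {"state": "exploitable"}},
        {"id": "CVE-EXAMPLE-0002", "affects": [{"ref": "pkg:pypi/jinja2@2.11.0"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        # not_affected with no justification: an unexplained suppression
        {"id": "CVE-EXAMPLE-0003", "affects": [{"ref": "pkg:npm/lodash@4.17.15"}],
         "analysis": {"state": "not_affected"}},
        # no analysis block at all: nobody has triaged it yet
        {"id": "CVE-EXAMPLE-0004", "affects": [{"ref": "pkg:npm/lodash@4.17.15"}]},
    ],
})

# VEX analysis states that mean the consumer need not act.
CLOSED_STATES = {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}


def actionable_vulnerabilities(bom_json, require_justification=True):
    """Return the findings a consumer still has to act on, one per affected component.
    A finding is dropped only when its VEX state is closed and, with
    require_justification, a not_affected verdict carries a justification.
    Findings with no analysis block are treated as open (in_triage)."""
    bom = json.loads(bom_json)
    components = {c["bom-ref"]: c for c in bom.get("components", [])}
    open_items = []
    for vuln in bom.get("vulnerabilities", []):
        analysis = vuln.get("analysis", {})
        state = analysis.get("state", "in_triage")
        closed = state in CLOSED_STATES
        if state == "not_affected" and require_justification and not analysis.get("justification"):
            closed = False  # keep unexplained suppressions visible for review
        if closed:
            continue
        for target in vuln.get("affects", []):
            comp = components.get(target["ref"], {})
            open_items.append({"id": vuln["id"], "state": state,
                               "component": comp.get("name", target["ref"]),
                               "version": comp.get("version", "?")})
    return open_items
```

Run against the sample, only CVE-EXAMPLE-0002 is suppressed; the unexplained `not_affected` and the untriaged finding stay on the list until someone records a reason.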

Where to find the SBOM

Step 1. Go to Reports > Licenses & SBOM

Step 2. Download SPDX, CycloneDX or CSV SBOM via the top right action

[Screenshot: Python package license risks overview with filters and SBOM download option.]

Optional. Filter licenses on different parameters and then export the SBOM; the export respects the chosen filter values.

[Screenshot: Filter menu for searching repositories by license, language, risk, and container options.]

If you want to filter by team, change the Team Filter at the top of the page.

[Screenshot: Team selection dropdown for viewing Licenses & SBOM reports.]

If you have multi-branch scanning enabled, you can get a separate SBOM per legacy branch by selecting that legacy branch's repo in the dropdown. Contact us via in-app chat for more info.

Generate and Export via API

Aikido also supports generating and downloading an SBOM via the API. More information can be found in our API docs.
