T Techclick Supply-chain security

Static document review

SBOM and VEX Readiness Validator

Check whether an SBOM or VEX document has usable inventory, identifiers, licenses, dependency relationships, vulnerability status, and release tracking before sharing it with a customer, auditor, or vendor portal.

Readiness score -- Paste a document to begin

Document input

CycloneDX, SPDX, CSAF/VEX, or OpenVEX JSON/YAML.

Ready

Readiness report

No report yet.

Critical0
High0
Medium0
Low0
Findings will appear here after analysis.

What this checks

  • Document identity, version, timestamp, creator, and release tracking
  • Component/package names, exact versions, purl/CPE/BOM/SPDX identifiers, and checksums
  • License declarations and evidence for exchange review
  • Dependency relationships instead of flat-only inventory
  • VEX advisory IDs, product/component references, status, justification, and remediation

Evidence base