Static document review
SBOM and VEX Readiness Validator
Check whether an SBOM or VEX document has usable inventory, identifiers, licenses, dependency relationships, vulnerability status, and release tracking before sharing it with a customer, auditor, or vendor portal.
Readiness score
--
Paste a document to begin
Document input
CycloneDX, SPDX, CSAF/VEX, or OpenVEX JSON/YAML.
Ready
Readiness report
No report yet.
Critical0
High0
Medium0
Low0
Findings will appear here after analysis.
What this checks
- Document identity, version, timestamp, creator, and release tracking
- Component/package names, exact versions, purl/CPE/BOM/SPDX identifiers, and checksums
- License declarations and evidence for exchange review
- Dependency relationships instead of flat-only inventory
- VEX advisory IDs, product/component references, status, justification, and remediation