Demo Mode: The SBOM file below is pre-loaded for demonstration purposes.
Software Bill of Materials (SBOM) Upload
Demo SBOM File
In a real audit, you would upload your enterprise SBOM file containing software components, libraries, and dependencies. Here for this demo, we've pre-loaded a sample enterprise SBOM with multiple vulnerable components.
SBOM File (Demo)
enterprise_sbom.json
SBOM Loaded! Ready for KEV exposure analysis.
SBOM Preview
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:enterprise-sbom-2024",
"version": 1,
"metadata": {
"timestamp": "2024-09-14T00:00:00Z",
"tools": [{"vendor": "Enterprise", "name": "SBOM Generator", "version": "1.0"}]
},
"components": [
{"type": "library", "name": "weblogic-server", "version": "12.2.1.4", "purl": "pkg:maven/com.oracle/weblogic-server@12.2.1.4"},
{"type": "library", "name": "apache-kylin", "version": "4.0.0", "purl": "pkg:maven/org.apache.kylin/apache-kylin@4.0.0"},
{"type": "application", "name": "internet-explorer", "version": "11.0", "purl": "pkg:generic/microsoft/internet-explorer@11.0"},
{"type": "application", "name": "microsoft-project", "version": "2019", "purl": "pkg:generic/microsoft/project@2019"},
{"type": "application", "name": "microsoft-excel", "version": "2016", "purl": "pkg:generic/microsoft/excel@2016"},
{"type": "application", "name": "microsoft-outlook", "version": "2019", "purl": "pkg:generic/microsoft/outlook@2019"},
{"type": "framework", "name": "sap-netweaver", "version": "7.5", "purl": "pkg:generic/sap/netweaver@7.5"},
{"type": "application", "name": "vmware-vcenter", "version": "7.0", "purl": "pkg:generic/vmware/vcenter-server@7.0"},
{"type": "application", "name": "oracle-agile-plm", "version": "9.3.6", "purl": "pkg:generic/oracle/agile-plm@9.3.6"},
{"type": "framework", "name": "dotnet-framework", "version": "4.7.2", "purl": "pkg:nuget/Microsoft.NETFramework@4.7.2"},
{"type": "library", "name": "log4j-core", "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
{"type": "library", "name": "spring-framework", "version": "5.3.21", "purl": "pkg:maven/org.springframework/spring-framework@5.3.21"}
]
}
What Happens Next?
Our system will cross-reference your SBOM components against CISA's Known Exploited Vulnerabilities catalog to identify software with confirmed active exploitation. The analysis includes:
- Real-time KEV catalog matching
- Active exploitation detection
- Emergency patch prioritization
- Incident response activation protocols