sbom-cve-check v1.2.0 released

We are pleased to announce the release of sbom-cve-check v1.2.0, which focuses on offline usability, improved SPDX 3.0 support, and more flexible export options.

For the record, sbom-cve-check is a lightweight, standalone and easy-to-use tool that parses Software Bill of Materials (SBOM) files, matches the listed components against publicly available databases of security vulnerabilities (CVEs), and produces a report detailing which software components are affected by known vulnerabilities. sbom-cve-check is developed and maintained by Bootlin engineer Benjamin Robin.
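To make the matching step concrete, here is an added illustration of what an SBOM-to-CVE check does at its core. This is example code written for this page, not sbom-cve-check's own implementation: it parses a constructed CycloneDX JSON SBOM, resolves each component's Package URL (purl), and compares the installed version against affected-version ranges from a constructed, in-memory feed in an OSV-like shape. The vulnerability IDs (DEMO-…) and ranges are placeholders, not real CVE entries, and the `scan`, `split_purl`, `in_range` and `parse_version` names are this example's own. Two practitioner caveats are built in: a version equal to the `fixed` boundary is not affected, and components without a purl are reported separately rather than silently passing.

```python
"""Illustrative SBOM-to-CVE matching. Added example for this page; not the
sbom-cve-check project's code. The feed and SBOM below are constructed."""
import json

# Constructed CycloneDX 1.5 JSON SBOM used as demo input (not a real project's SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "purl": "pkg:generic/zlib@1.2.11"},
        {"type": "library", "name": "openssl", "version": "3.0.13",
         "purl": "pkg:generic/openssl@3.0.13"},
        {"type": "library", "name": "busybox", "version": "1.36.1",
         "purl": "pkg:generic/busybox@1.36.1"},
        # A component with no purl: cannot be matched against the feed.
        {"type": "library", "name": "vendor-blob", "version": "2.0"},
    ],
})

# Constructed vulnerability feed, OSV-like shape. IDs are placeholders, not
# real CVE numbers, and the ranges are invented for the demo.
SAMPLE_FEED = [
    {"id": "DEMO-0001", "package": "pkg:generic/zlib",
     "ranges": [{"introduced": "1.2.0", "fixed": "1.2.12"}]},
    {"id": "DEMO-0002", "package": "pkg:generic/openssl",
     "ranges": [{"introduced": "3.0.0", "fixed": "3.0.13"}]},  # installed == fixed
    {"id": "DEMO-0003", "package": "pkg:generic/busybox",
     "ranges": [{"introduced": "1.30.0", "fixed": None}]},  # no fixed version in feed
]


def parse_version(v):
    """Dotted version -> tuple of ints. Trailing letters in a part are dropped
    and trailing zeros removed so that '1.2' == '1.2.0'. Good enough for the
    demo; real tools need per-ecosystem version schemes."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def split_purl(purl):
    """'pkg:generic/zlib@1.2.11?arch=x86' -> ('pkg:generic/zlib', '1.2.11').
    Qualifiers (?...) and subpath (#...) are stripped before splitting."""
    core = purl.split("?")[0].split("#")[0]
    base, _, version = core.partition("@")
    return base, (version or None)


def in_range(version, rng):
    """True if version is in [introduced, fixed); fixed=None means unfixed."""
    v = parse_version(version)
    if v < parse_version(rng.get("introduced") or "0"):
        return False
    fixed = rng.get("fixed")
    return fixed is None or v < parse_version(fixed)


def scan(sbom_json, feed):
    """Return (findings, unscanned): findings is a list of
    (component name, version, vulnerability id); unscanned lists components
    that had no purl or no version and so could not be checked."""
    sbom = json.loads(sbom_json)
    by_pkg = {}
    for vuln in feed:
        by_pkg.setdefault(vuln["package"], []).append(vuln)
    findings, unscanned = [], []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            unscanned.append(comp["name"])
            continue
        pkg, version = split_purl(purl)
        version = version or comp.get("version")
        if version is None:
            unscanned.append(comp["name"])
            continue
        for vuln in by_pkg.get(pkg, []):
            if any(in_range(version, r) for r in vuln["ranges"]):
                findings.append((comp["name"], version, vuln["id"]))
    return findings, unscanned


if __name__ == "__main__":
    found, skipped = scan(SAMPLE_SBOM, SAMPLE_FEED)
    for name, ver, vid in found:
        print(f"{name} {ver}: affected by {vid}")
    for name in skipped:
        print(f"{name}: no purl, not scanned")
```

Running it reports zlib and busybox as affected, leaves openssl clean because its installed version equals the `fixed` boundary, and flags vendor-blob as unscanned. That last line is the one to watch in practice: an SBOM entry the tool cannot identify is a gap in coverage, not a clean result.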

In the next sections we will describe the major updates brought by this 1.2.0 release.


sbom-cve-check updates: new release, meta-sbom-cve-check, possible Yocto integration, FOSDEM talk

Back in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM).

Since the release announcement, the project has continued its development, and in this blog post, we wanted to share a number of updates about this project: a new 1.1.0 release, a new meta-sbom-cve-check layer, possible integration into the Yocto Project, and a talk at FOSDEM.
