Back in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Since then, we have published a number of updates and new releases. Work has continued, and we have several new updates to share about sbom-cve-check.
Tag: sbom-cve-check
sbom-cve-check v1.2.0 released
We are pleased to announce the release of sbom-cve-check v1.2.0, which focuses on offline usability, improved SPDX 3.0 support, and more flexible export options.
For the record, sbom-cve-check is a lightweight, standalone and easy-to-use tool that parses Software Bill of Materials (SBOM) files and, using publicly available databases of security vulnerabilities (CVEs), provides a report detailing which software components are affected by known security vulnerabilities. sbom-cve-check is developed and maintained by Bootlin engineer Benjamin Robin.
In the next sections we will describe the major updates brought by this 1.2.0 release.
sbom-cve-check updates: new release, meta-sbom-cve-check, possible Yocto integration, FOSDEM talk
Back in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM).
Since the release announcement, the project has continued its development, and in this blog post, we wanted to share a number of updates about this project: a new 1.1.0 release, a new meta-sbom-cve-check layer, possible integration into the Yocto Project, and a talk at FOSDEM.
