Skip to content

Generate SBOMs and assess open-source risk, all locally

A local-first SBOM generator and open-source risk assessor for a single project — no SaaS, no account. From source code, a container image, a binary, or an SBOM you received, it produces an SBOM (CycloneDX 1.6), an open-source notice, and a security risk report in one run.

Get started Download for Windows (.exe)

Prefer no command line? Download the installer and double-click it. A Docker engine is required; the free Rancher Desktop works well on Windows. A step-by-step walkthrough (Korean) is in the no-CLI quick start.

The scan results screen — view and download the SBOM, notice, and risk report as grouped cards

Where to go next

  • Getting started

    Install through your first SBOM (web UI and CLI).

    Getting started

  • Input scenarios

    GitHub URL, ZIP, local source, an existing SBOM, firmware.

    Scenarios guide

  • Usage guide

    Every option, analysis modes, CI/CD.

    Usage guide