New tool built on CycloneDX — MedSBOM for FDA/IEC-62304 compliance #1075
karthikraja14
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi CycloneDX community,
I wanted to share a new open-source tool that builds on the CycloneDX ecosystem: MedSBOM.
It takes CycloneDX JSON SBOMs (and SPDX) and generates FDA-submission-ready compliance documentation — specifically:
It also does CVE matching against NVD, CISA KEV checking, and end-of-life detection with composite risk scoring.
The goal is to bridge the gap between "I have an SBOM" and "I have regulatory evidence" for medical device manufacturers dealing with the FDA 2023 guidance and PATCH Act requirements.
Tested with CycloneDX 1.6 format. Works with output from cyclonedx-python, Syft, Trivy, etc.
GitHub: https://github.com/karthikraja14/MedSBOM
PyPI: pip install medsbom
License: Apache 2.0
Would love feedback from this community since you all understand the SBOM ecosystem deeply. Particularly interested in:
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions