MedSBOM v0.1.0
Open-source FDA/IEC-62304 compliance layer for medical device SBOMs.
Features
- SBOM Ingestion - CycloneDX and SPDX JSON parsing
- CVE Matching - NVD API + CISA KEV feed
- EOL Detection - endoflife.date integration
- Risk Scoring - Composite: CVSS + KEV + EOL proximity
- Document Generation - FDA Premarket Summary, IEC 62304 SOUP Assessment, Vulnerability Review Log
- Audit Trail - Append-only SQLite with tamper-prevention
- CLI -
medsbom ingest,check,report,audit - REST API - FastAPI with Swagger docs
- Docker - Multi-stage build
Install
pip install medsbomQuick Start
medsbom check my-device.sbom.json --device 'My Device' --device-version '1.0'
medsbom report my-device.sbom.json --format all