Skip to content

v0.1.0 - MedSBOM Initial Release

Latest

Choose a tag to compare

@karthikraja14 karthikraja14 released this 10 Jul 15:58

MedSBOM v0.1.0

Open-source FDA/IEC-62304 compliance layer for medical device SBOMs.

Features

  • SBOM Ingestion - CycloneDX and SPDX JSON parsing
  • CVE Matching - NVD API + CISA KEV feed
  • EOL Detection - endoflife.date integration
  • Risk Scoring - Composite: CVSS + KEV + EOL proximity
  • Document Generation - FDA Premarket Summary, IEC 62304 SOUP Assessment, Vulnerability Review Log
  • Audit Trail - Append-only SQLite with tamper-prevention
  • CLI - medsbom ingest, check, report, audit
  • REST API - FastAPI with Swagger docs
  • Docker - Multi-stage build

Install

pip install medsbom

Quick Start

medsbom check my-device.sbom.json --device 'My Device' --device-version '1.0'
medsbom report my-device.sbom.json --format all

Full docs: https://github.com/karthikraja14/MedSBOM#readme