Release v1.5.1
BomLens v1.5.1
Generate a CycloneDX SBOM, an open-source notice (고지문), and a security report from your source code — or assess the open-source risk of an SBOM or firmware you receive.
Changes
Added
- Desktop app firmware and AI-model scans: the desktop app now runs firmware and AI-model (AIBOM) scans by launching the matching scanner image as a sibling container, pulling it on first use.
- Source file tree without ScanCode: source scans emit a
_files.jsonfile inventory, and the web UI shows a source tree from it when no ScanCode result is present. - SBOM conformance is now a first-class result section, with per-element G7 evidence, examples and guidance links.
- Determinate firmware CVE-database download progress: a real percentage bar during the cve-bin-tool database fetch, falling back to the previous approximation when a scan reports no progress.
Changed
- Web UI design-language refresh: a redesigned visual language, a Recent-scans home, and neutralized report wording.
- Release assets are unified under the BomLens name (for example
BomLens-Setup.*), and the release notes link to the documentation site. - The AI-model scan form now explains the open-source Notice option.
Fixed
- Firmware scans matched zero CVEs because the published firmware image shipped an empty cve-bin-tool database. The image now bundles a populated database with a runtime refresh, the build fails if the database ends up empty, and the database path matches the location cve-bin-tool actually uses.
Installation
Desktop app (double-click, no CLI)
Download BomLens-Setup.exe (Windows) or BomLens-Setup.dmg (macOS) from the assets below. Unsigned for now; if Windows SmartScreen warns, choose "More info", then "Run anyway".
Scripts
curl -O https://raw.githubusercontent.com/sktelecom/sbom-tools/main/scripts/scan-sbom.sh
chmod +x scan-sbom.shDocker Image
docker pull ghcr.io/sktelecom/sbom-generator:1.5.1 # legacy alias: sbom-scanner