Release v1.5.5
BomLens v1.5.5
Generate a CycloneDX SBOM, an open-source notice (고지문), and a security report from your source code — or assess the open-source risk of an SBOM or firmware you receive.
Changes
Fixed
- Maven and Gradle source scans now record their direct dependencies in the SBOM dependency graph. The root component previously carried an empty
dependsOn, so tools reading the graph classified every direct dependency as transitive. npm was unaffected.
Installation
Desktop app (double-click, no CLI)
Download BomLens-Setup.exe (Windows) or BomLens-Setup.dmg (macOS) from the assets below. Unsigned for now; if Windows SmartScreen warns, choose "More info", then "Run anyway".
Scripts
curl -O https://raw.githubusercontent.com/sktelecom/sbom-tools/main/scripts/scan-sbom.sh
chmod +x scan-sbom.shDocker Image
docker pull ghcr.io/sktelecom/sbom-generator:1.5.5 # legacy alias: sbom-scanner