SBOM Management

Central SBOM repository for the entire product lifecycle

CycloneDX and SPDX via drag-and-drop, automatic format detection, and vulnerability correlation

Article 13(5) of the Cyber Resilience Act requires manufacturers to draw up and maintain a Software Bill of Materials, in a commonly used and machine-readable format covering at least the top-level dependencies, for every product with digital elements. Kunnus makes SBOM management as easy as drag-and-drop: upload CycloneDX or SPDX files, let the format be detected automatically, and manage all SBOMs centrally with versioning and vulnerability correlation.

Formats: CycloneDX & SPDX
Upload: Drag & Drop
Format: Auto-Detection
Repository: Central
SBOM Explorer (product view, CycloneDX v1.5)

📦 smartsensor-firmware@3.2.1
├── 📦 linux-kernel@5.15.94      No issues
├── 📦 openssl@3.0.13            2 Critical
│   ├── 📦 libcrypto@3.0.13      CVE-2024-0727
│   └── 📦 libssl@3.0.13         Patched
├── 📦 freertos@10.6.1           No issues
├── 📦 curl@8.5.0                1 High
├── 📦 sqlite@3.45.0             No issues
├── 📦 zlib@1.3.1                No issues
├── 📦 mbedtls@3.5.1             No issues
└── 📦 app-logic@3.2.1
    ├── 📦 lwip@2.2.0            No issues
    └── 📦 protobuf-c@1.5.0      No issues

Key Benefits

Upload SBOM Files (CycloneDX JSON/XML, SPDX)

Drag-and-drop upload with automatic format detection. Client-side validation, version labeling, and current-SBOM flagging.

Central SBOM Repository

Central archive for all SBOMs. View, download, archive, and mark as current. Stats: total SBOMs, components indexed, coverage.

SBOM Detail & Component List

Full component list per SBOM with vulnerability data and severity filtering. Every component at a glance.

SBOM-to-Entity Mapping

Manage links between SBOMs and products or components. Clear assignment of which SBOM belongs to which product.

Capabilities

Automatic Format Detection

CRA Art. 13(5)

On upload, Kunnus automatically detects whether the file is CycloneDX JSON, CycloneDX XML, or SPDX. No manual configuration required.
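Content-based detection is the safer way to do this, because the uploaded file name and extension are client-controlled and say nothing about what is inside. The following is an added example written for this page, not Kunnus's own implementation: it sniffs the format from the bytes (CycloneDX JSON via `bomFormat`, CycloneDX XML via its namespace, SPDX JSON via `spdxVersion`, SPDX tag-value via the `SPDXVersion:` tag) and then normalises the components of each format to `(name, version, purl)` triples. The four sample documents are constructed for the demonstration.

```python
"""Content-based SBOM format detection and component normalisation.

Added example for this page, not Kunnus's code. Sample SBOMs below are
constructed. Detection reads the bytes, never the uploaded file name.
"""
import json
import xml.etree.ElementTree as ET  # for untrusted uploads prefer defusedxml

CDX_NS_PREFIX = "http://cyclonedx.org/schema/bom/"


def _text(data: bytes) -> str:
    # Tolerate a UTF-8 BOM and leading whitespace before the first token.
    return data.decode("utf-8", errors="replace").lstrip("\ufeff \t\r\n")


def detect_format(data: bytes) -> str:
    """Return 'cyclonedx-json', 'cyclonedx-xml', 'spdx-json',
    'spdx-tagvalue' or 'unknown'."""
    text = _text(data)
    if text.startswith("{"):
        try:
            doc = json.loads(text)
        except json.JSONDecodeError:
            return "unknown"
        if isinstance(doc, dict):
            if doc.get("bomFormat") == "CycloneDX":
                return "cyclonedx-json"
            if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
                return "spdx-json"
        return "unknown"
    if text.startswith("<"):
        try:
            root = ET.fromstring(data)  # bytes, so an encoding declaration is fine
        except (ET.ParseError, ValueError):
            return "unknown"
        if root.tag.startswith("{" + CDX_NS_PREFIX) and root.tag.endswith("}bom"):
            return "cyclonedx-xml"
        return "unknown"
    # SPDX tag-value: comment lines may precede the mandatory SPDXVersion tag.
    if any(line.startswith("SPDXVersion:") for line in text.splitlines()[:20]):
        return "spdx-tagvalue"
    return "unknown"


def _cdx_json_walk(comps):
    """Flatten nested CycloneDX components depth-first."""
    for c in comps:
        yield (c.get("name", ""), c.get("version", ""), c.get("purl", ""))
        yield from _cdx_json_walk(c.get("components", []))


def components(data: bytes) -> list:
    """Normalise any supported format to (name, version, purl) triples."""
    fmt, text = detect_format(data), _text(data)
    if fmt == "cyclonedx-json":
        return list(_cdx_json_walk(json.loads(text).get("components", [])))
    if fmt == "cyclonedx-xml":
        root = ET.fromstring(data)
        ns = root.tag[1:root.tag.index("}")]
        comps = root.find(f"{{{ns}}}components")  # skip metadata/component (the product itself)
        if comps is None:
            return []
        return [(c.findtext(f"{{{ns}}}name", ""), c.findtext(f"{{{ns}}}version", ""),
                 c.findtext(f"{{{ns}}}purl", "")) for c in comps.iter(f"{{{ns}}}component")]
    if fmt == "spdx-json":
        out = []
        for p in json.loads(text).get("packages", []):
            purl = next((r.get("referenceLocator", "") for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), "")
            out.append((p.get("name", ""), p.get("versionInfo", ""), purl))
        return out
    if fmt == "spdx-tagvalue":
        pkgs, cur = [], None
        for line in text.splitlines():
            key, _, val = line.partition(":")  # purls contain ':'; split only once
            key, val = key.strip(), val.strip()
            if key == "PackageName":
                cur = [val, "", ""]
                pkgs.append(cur)
            elif cur is not None and key == "PackageVersion":
                cur[1] = val
            elif cur is not None and key == "ExternalRef":
                parts = val.split()  # "<category> <type> <locator>"
                if len(parts) == 3 and parts[1] == "purl":
                    cur[2] = parts[2]
        return [tuple(p) for p in pkgs]
    raise ValueError("unsupported or unrecognised SBOM format")


# Constructed sample documents, one per supported format.
CDX_JSON = (b'{"bomFormat":"CycloneDX","specVersion":"1.5","version":1,"components":['
            b'{"type":"library","name":"openssl","version":"3.0.13","purl":"pkg:generic/openssl@3.0.13",'
            b'"components":[{"type":"library","name":"libssl","version":"3.0.13"}]}]}')
CDX_XML = (b'<?xml version="1.0" encoding="UTF-8"?><bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1">'
           b'<metadata><component type="application"><name>smartsensor-firmware</name><version>3.2.1</version></component></metadata>'
           b'<components><component type="library"><name>curl</name><version>8.5.0</version><purl>pkg:generic/curl@8.5.0</purl></component></components></bom>')
SPDX_JSON = (b'{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"smartsensor","packages":['
             b'{"name":"zlib","SPDXID":"SPDXRef-zlib","versionInfo":"1.3.1","externalRefs":['
             b'{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/zlib@1.3.1"}]}]}')
SPDX_TAGVALUE = (b"SPDXVersion: SPDX-2.3\nDataLicense: CC0-1.0\nSPDXID: SPDXRef-DOCUMENT\nDocumentName: smartsensor\n"
                 b"PackageName: sqlite\nSPDXID: SPDXRef-sqlite\nPackageVersion: 3.45.0\n"
                 b"ExternalRef: PACKAGE-MANAGER purl pkg:generic/sqlite@3.45.0\n")

if __name__ == "__main__":
    for doc in (CDX_JSON, CDX_XML, SPDX_JSON, SPDX_TAGVALUE):
        print(detect_format(doc), components(doc))
```

The parsing here is deliberately minimal; a production importer would additionally validate the document against the CycloneDX or SPDX JSON schema before indexing it, and would parse XML with `defusedxml` rather than the standard library, since the upload is untrusted input.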

Versioning & Archiving

Annex V

Every uploaded SBOM is versioned. Older versions remain accessible in the archive, and the current SBOM is clearly flagged.

Per-Component Vulnerability Correlation

Annex I Part II

Every SBOM component is checked against known vulnerabilities. Severity filters enable quick prioritization.

Coverage Statistics

Dashboard with total SBOMs, indexed components, and coverage rate across your product portfolio.

Cross-Product SBOM Analysis

Identify shared components across your entire portfolio. When a new vulnerability is disclosed, you immediately see every product whose SBOM lists the affected component.
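The two capabilities above, per-component vulnerability correlation and cross-product analysis, rest on the same structure: an index from component name to the versions and products that ship it. The following added example (written for this page, not Kunnus's implementation) builds that index from three constructed product SBOMs, reports the components shared across products, matches advisories against it using OSV-style `introduced`/`fixed` version ranges, and filters findings by severity. The advisory IDs `ADV-0001` to `ADV-0003` and their ranges are hypothetical, not real CVEs.

```python
"""Portfolio-wide component index with advisory matching.

Added example for this page, not Kunnus's code. Products, components and
advisories are constructed; ADV-* identifiers are hypothetical, not CVEs.
"""
import re
from collections import defaultdict

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def version_key(v: str) -> tuple:
    """Turn '3.0.13' or '1.2.3-rc1' into a comparable tuple. Numeric parts sort
    before alphanumeric ones. Real tooling should use the ecosystem's own
    comparison rules (e.g. packaging.version for PyPI, semver for npm)."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-+]", v))


class PortfolioIndex:
    def __init__(self):
        self._by_name = defaultdict(list)  # component name -> [(version, product)]

    def add_sbom(self, product: str, components):
        """Index the (name, version) pairs of one product's current SBOM."""
        for name, version in components:
            self._by_name[name].append((version, product))

    def shared_components(self, min_products: int = 2) -> dict:
        """Component -> sorted products, for components in >= min_products products."""
        result = {}
        for name, entries in self._by_name.items():
            products = sorted({p for _, p in entries})
            if len(products) >= min_products:
                result[name] = products
        return result

    def affected_products(self, advisory: dict) -> list:
        """OSV-style range: affected if introduced <= version < fixed
        (no 'fixed' means every version from 'introduced' onward)."""
        lo = version_key(advisory["introduced"])
        hi = version_key(advisory["fixed"]) if advisory.get("fixed") else None
        hits = set()
        for version, product in self._by_name.get(advisory["package"], []):
            vk = version_key(version)
            if vk >= lo and (hi is None or vk < hi):
                hits.add(product)
        return sorted(hits)

    def findings(self, advisories, min_severity: str = "LOW") -> dict:
        """Product -> [(advisory id, package, severity)], most severe first."""
        threshold = SEVERITY_RANK[min_severity]
        out = defaultdict(list)
        for adv in advisories:
            if SEVERITY_RANK[adv["severity"]] < threshold:
                continue
            for product in self.affected_products(adv):
                out[product].append((adv["id"], adv["package"], adv["severity"]))
        for lst in out.values():
            lst.sort(key=lambda f: -SEVERITY_RANK[f[2]])
        return dict(out)


# Constructed portfolio: three products, each with its (name, version) components.
PRODUCTS = {
    "smartsensor-xr": [("openssl", "3.0.13"), ("curl", "8.5.0"), ("zlib", "1.3.1")],
    "gateway-hub": [("openssl", "3.0.14"), ("curl", "8.5.0"), ("sqlite", "3.45.0")],
    "edge-relay": [("mbedtls", "3.5.1"), ("zlib", "1.3.1")],
}
# Hypothetical advisories in OSV-style range form (not real CVEs).
ADVISORIES = [
    {"id": "ADV-0001", "package": "openssl", "introduced": "3.0.0", "fixed": "3.0.14", "severity": "CRITICAL"},
    {"id": "ADV-0002", "package": "curl", "introduced": "8.0.0", "fixed": "8.6.0", "severity": "HIGH"},
    {"id": "ADV-0003", "package": "zlib", "introduced": "1.2.0", "fixed": "1.3.0", "severity": "MEDIUM"},
]

INDEX = PortfolioIndex()
for _product, _components in PRODUCTS.items():
    INDEX.add_sbom(_product, _components)

if __name__ == "__main__":
    print("shared:", INDEX.shared_components())
    for adv in ADVISORIES:
        print(adv["id"], "->", INDEX.affected_products(adv))
    print("HIGH+ findings:", INDEX.findings(ADVISORIES, min_severity="HIGH"))
```

Two caveats a practitioner will want to keep in mind. First, matching by bare package name is only as precise as the naming in the SBOMs; correlating on package URLs (purl) avoids collisions between, say, a distro package and an upstream library of the same name. Second, the index can only surface components the SBOM actually lists: an SBOM that meets the CRA minimum of top-level dependencies will not reveal a vulnerable transitive dependency, so SBOM depth directly bounds what cross-product analysis can find.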

Use Cases

01

Fulfill SBOM Requirements (Art. 13.5)

An embedded systems manufacturer imports the SBOMs produced by its CI/CD pipeline. Kunnus versions each upload automatically and correlates vulnerabilities; the Annex V documentation is produced as a byproduct.

02

Supply Chain Transparency

A device manufacturer receives SBOMs from 15 suppliers in different formats. Kunnus auto-detects all formats and shows the complete picture of all third-party components.

03

Zero-Day Response

When a critical vulnerability is disclosed, Kunnus queries the central SBOM repository and identifies every product in the portfolio whose SBOM lists the affected component, within seconds.

Make your software supply chain transparent

See how Kunnus automates SBOM import, versioning, and vulnerability correlation. We'll walk you through the workflow in a personalized demo.

View Walkthrough