Open Source Compliance
CycloneDX SBOM Validator
Paste a CycloneDX SBOM JSON document to validate required fields, component structure, PURL format, and dependency graph integrity against the official schema.
No data is transmitted; everything runs locally.
About this tool
The CycloneDX SBOM Validator validates SBOM documents against the CycloneDX v1.4 and v1.5 JSON schemas, checking required fields, PURL format, and dependency graph integrity.
• Validate a CycloneDX SBOM generated by syft or cdxgen before submission to a customer
• Debug a schema validation error in a CI/CD SBOM generation pipeline
• Check PURL format correctness for all components in an SBOM
• Verify VEX analysis states and justification codes
FAQ
What does this tool tell you?
The CycloneDX SBOM Validator validates SBOM documents against the CycloneDX v1.4 and v1.5 JSON schemas, checking required fields, PURL format, and dependency graph integrity.
What affects the result most?
Validates CycloneDX SBOM structure against the v1.4 and v1.5 JSON schemas. Required fields: bomFormat, specVersion, version, serialNumber, metadata.component. Component required fields: type, name; bom-ref is optional but recommended for the dependency graph.
How should I use the result?
Treat the tool's output as a first-pass check, not a proof of correctness. A clean pass means no issues in the patterns this tool recognizes; a failure points to a specific problem you can investigate in your source. The underlying spec is the authoritative source for edge cases.