SBOMHub
Track vulnerabilities across all your software projects
SBOMHub – Centralized vulnerability tracking for software projects
Summary: SBOMHub is an open-source dashboard that consolidates Software Bills of Materials (SBOMs) from tools like Syft, Trivy, and cdxgen to track vulnerabilities across projects. It matches SBOM components against NVD CVEs, prioritizes risks using EPSS scores, and enables instant cross-project CVE searches.
What it does
SBOMHub imports SBOMs, automatically matches them to known vulnerabilities, and provides a searchable interface to assess risk across multiple repositories.
Who it's for
It is designed for development and security teams that manage multiple software projects and need centralized vulnerability oversight.
Why it matters
It addresses the challenge of scattered SBOMs by offering a unified view to quickly identify and prioritize security risks.