SBOM Generation

A complete inventory of everything in your software

Pragma Core generates a detailed Software Bill of Materials for every repository. Know exactly which libraries, versions, and licenses make up your applications, and export compliance-ready reports in seconds.

From repository to component inventory in one click

A single click generates a full component inventory from any cloned repository, ready for review or compliance export.

1. Trigger SBOM generation
Click generate on any cloned repository. The platform analyzes the entire file system to discover every component.

2. Components are cataloged
Libraries, frameworks, and packages are identified with their exact version, license, and package URL (PURL).

3. Browse or export
Explore the component map visually inside the platform, or export a CycloneDX JSON file for auditors and compliance teams.

Everything you need for supply chain transparency

CycloneDX export
Export your SBOM in CycloneDX JSON, an industry-standard format accepted by regulators, auditors, and enterprise procurement teams worldwide.
License tracking
See which open source licenses are in use across your project. Spot GPL, AGPL, or other copyleft licenses before they create legal exposure for your commercial product.
Package URL (PURL)
Every component is identified by its PURL, making it easy to cross-reference with external vulnerability databases, procurement systems, and policy engines.
Visual component map
Browse your SBOM through an interactive component map inside the platform. Filter by type, search by name, and drill into individual package details.
Industry-grade analysis
The generation engine detects components across dozens of package formats and file types, the same approach used by enterprise security teams worldwide.
Per-repository generation
Generate and manage SBOMs independently for each repository. Track generation timestamps and regenerate on demand whenever your codebase changes.

Regulations are coming. Be ready.

Meet regulatory requirements
Executive orders and EU directives increasingly require software vendors to provide SBOMs. Having one ready before the audit starts puts your team ahead of the curve.
Accelerate vendor security reviews
Enterprise customers will ask for a software bill of materials during procurement. A CycloneDX export answers their questionnaire in seconds instead of weeks.
Track license risk proactively
One AGPL dependency pulled in transitively can change the licensing obligations for your entire product. SBOMs make those hidden dependencies visible before they become legal issues.
Respond faster to zero-days
When a critical CVE drops, the first question is always "are we affected?" An up-to-date SBOM gives you the answer in seconds, not hours of digging through lockfiles.

Generate your first SBOM in minutes

Connect your repositories, click generate, and get a complete component inventory with CycloneDX export.