We are excited to announce that Ostorlab now supports uploading an SBOM or Lockfile for extended dependency detection.

Supported Files

The platform supports an extensive list of SBOM and Lockfiles.

• SPDX
• CycloneDX
• gradle.lockfile
• pubspec.lock
• buildscript-gradle.lockfile
• pnpm-lock.yaml
• package-lock.json
• packages.lock.json
• pom.xml
• Gemfile.lock
• yarn.lock
• Cargo.lock
• composer.lock
• conan.lock
• mix.lock
• go.mod
• requirements.txt
• Pipfile.lock
• poetry.lock

To get started, refer to the detailed steps provided in our integration documentation here.