SBOM vulnerability scanner
The CRA (Annex I Part II) requires you to know your components and their vulnerabilities. Paste an SBOM, get the answer. Don't have an SBOM yet? Run syft . -o cyclonedx-json in your repo.
Processed in memory, never stored. Vulnerability data: OSV.dev (Google's open vulnerability database).