bomly

command
v0.15.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 27, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Command bomly scans source trees, SBOMs, Git refs, and container images for dependency intelligence.

Bomly can generate and ingest SBOMs, explain why packages are present, compare dependency graphs, enrich packages with vulnerability and license data, evaluate policy, and run as an MCP server:

bomly scan
bomly scan --enrich --audit --fail-on high
bomly diff --base main --head HEAD
bomly explain pkg:npm/react
bomly mcp serve

Scans run locally and do not make outbound matcher calls unless enrichment is requested with flags such as --enrich. See the repository README and docs for installation, configuration, output formats, CI integration, and plugin authoring guides.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL