ThunderShield analysts generate a CycloneDX 1.6 software bill of materials from your source code, match components against NVD and GitHub Advisory vulnerabilities, classify license risk, and deliver a signed Traditional-Chinese PDF report. Your source code is never retained.
ThunderShield's analyst-driven process for producing a CycloneDX 1.6 SBOM with vulnerability and license-risk analysis
A Software Bill of Materials is a standardized inventory of every open-source and third-party component, version, and dependency in your software. With an SBOM, you can immediately assess your exposure when the next Log4Shell-class vulnerability breaks, and it is the baseline document customers and supply-chain partners increasingly require.
A ZIP archive of your project source code. We recommend including dependency lockfiles (package-lock.json, poetry.lock, etc.); for .NET projects, include packages.lock.json for complete resolution. Your code is never executed and no package restore is performed during analysis.
No. Source code is held in an isolated environment only for the duration of the scan and is deleted immediately afterward, whether the scan succeeds or fails. Only the analysis results and report are kept.
The SBOM is delivered as standard CycloneDX 1.6 JSON, ready to share with customers or import into other security tools. Scanning covers mainstream ecosystems (JavaScript, Python, Java, Go, .NET, and more), with vulnerabilities matched against the NVD and GitHub Advisory databases.
The Traditional-Chinese PDF report includes a 0–100 risk score, the most severe Critical/High CVEs with CVSS scores, license-risk classification, the full component inventory, and remediation recommendations, with analyst signature fields — plus the CycloneDX JSON export. After remediation, a re-scan compares component and vulnerability drift against the previous scan.
Contact ThunderShield for a consultation · View pricing plans