daS-BOMb

Know what's in your containers

Windows, macOS, Linux

Complete container security workflow that runs entirely offline. Generate SBOMs, scan for vulnerabilities, and sign containers with drag-and-drop simplicity. Air-gap ready with exportable cache bundles for isolated environments.

Why daS-BOMb?

Complete Supply Chain Security

Generate SBOMs, scan for vulnerabilities, and cryptographically sign containers—all in one tool. Meet regulatory compliance requirements with industry-standard formats (SPDX, CycloneDX) without juggling multiple command-line tools.

Air-Gap Ready

Designed for isolated networks. Export vulnerability databases and cache bundles to transfer between systems. Analyze containers in secure environments without internet connectivity.

Visual Interface

Skip the terminal. Drag and drop container images or tarballs, view results in an interactive tree, and export with one click. Security analysis shouldn't require a PhD in CLI tools.

Features

Drag & Drop

Drop container images, tarballs, or directories. No command line needed.

Deep Analysis

Powered by Syft to catalog OS packages, language dependencies, and embedded binaries across multiple ecosystems.

Standard Formats

Export to SPDX, CycloneDX, or simple JSON for integration with your toolchain.

Vulnerability Scanning

Uses Grype to match packages against CVE databases with severity ratings and detailed advisories.

License Detection

Identify licenses for all discovered packages for compliance review.

Signing & Verification

Generate Cosign keys to cryptographically sign containers and verify signatures for supply chain authenticity.

System Requirements

Desktop

  • Windows 10+, macOS 10.14+, or Linux
  • 4 GB RAM minimum (8 GB recommended)
  • 500 MB disk space + working space
  • Docker optional (for pulling images)