Validates against CycloneDX 1.6 + CipherM strict-mode schema. Public uploads are listed in the registry. Unlisted gets a private URL — share with auditors only.
Drag a CycloneDX CBOM here
.json files only · validation runs locally first · publish is a single click
Install cipherm-scan and point it at any directory:
pip install cipherm-scan cipherm-scan /path/to/your/repo \ --output cbom.json \ --summary
Drag the resulting cbom.json into the box above to publish it.