The BOM Doctor is in
Sonatype's BOM Doctor is an experimental, free resource that evaluates your Java-ecosystem Software Bill of Materials (SBOM) and evaluates the overall health of your application's direct and transitive dependencies. The BOM Doctor's mission is to treat poor dependency hygiene by helping you improve the health of your applications.
BOM Doctor is an experimental feature and undergoing active development. See the Getting Help section for more information.
Errors
BOM Doctor is rate limited by GitHub. If you get a rate limiting error, please try again later. We also have a limit on the number of evaluations per hour and per day. If you recieve error 429, try again later.
Workflow
To use BOM Doctor:
- Submit your SBOM for a checkup!
- The doctor will review your application and all its dependencies, then give it a score.
- The doctor will review your application and all its dependencies, then give it a score.
- Check your chart!
- BOM Doctor presents what it finds in an easy-to-understand graph.
- BOM Doctor presents what it finds in an easy-to-understand graph.
- Read your prescription!
- BOM Doctor uses complex methods to diagnose your application, and understanding those methods is key.
- Take the cure!
- Simulate upgrading your components to demonstrate how a better component can increase your score.
- Come back for a regular checkup!
- As your application evolves, and as Sonatype's cutting-edge component data catches new vulnerabilities, your application's health will change. Make a point to review your application's health regularly.
Getting Help
BOM Doctor is an experimental feature, undergoing active development, and may change, move, or undergo maintenance without advanced warning. BOM Doctor comes with its own Terms of Service: scroll to the bottom of the BOM Doctor landing page to see those in full.
BOM Doctor is presented as-is, as a free resource. There is no SLO or SLA for BOM Doctor.
If you have questions about BOM Doctor, Sonatype's Support team may be able to help.
To submit a request:
- Visit support.sonatype.com
- Select "Submit a request" at the top-right of the page.
- Select "Problem with a product or serve" from the dropdown menu.
- Fill out the form, and select "BOM Doctor" from the dropdown menu titled "Product or Service."
Responses from Support are provided on a "best effort" basis.