The BOM Doctor is in

Sonatype's BOM Doctor is an experimental, free resource that evaluates your Java-ecosystem Software Bill of Materials (SBOM) and evaluates the overall health of your application's direct and transitive dependencies. The BOM Doctor's mission is to treat poor dependency hygiene by helping you improve the health of your applications.

• Getting Started
• Viewing Your Results
• Upgrading a Component
• How the Doctor Scores
• FAQ

Workflow

To use BOM Doctor:

1. Submit your SBOM for a checkup!
   • The doctor will review your application and all its dependencies, then give it a score.
     
2. Check your chart!
   • BOM Doctor presents what it finds in an easy-to-understand graph.
     
3. Read your prescription!
   • BOM Doctor uses complex methods to diagnose your application, and understanding those methods is key.
4. Take the cure!
   • Simulate upgrading your components to demonstrate how a better component can increase your score.
5. Come back for a regular checkup!
   • As your application evolves, and as Sonatype's cutting-edge component data catches new vulnerabilities, your application's health will change. Make a point to review your application's health regularly.

Getting Help

BOM Doctor is an experimental feature, undergoing active development, and may change, move, or undergo maintenance without advanced warning. BOM Doctor comes with its own Terms of Service: scroll to the bottom of the BOM Doctor landing page to see those in full.

BOM Doctor is presented as-is, as a free resource. There is no SLO or SLA for BOM Doctor.

If you have questions about BOM Doctor, Sonatype's Support team may be able to help.

To submit a request:

1. Visit support.sonatype.com
2. Select "Submit a request" at the top-right of the page.
3. Select "Problem with a product or serve" from the dropdown menu.
4. Fill out the form, and select "BOM Doctor" from the dropdown menu titled "Product or Service."

Responses from Support are provided on a "best effort" basis.

Up Next

Getting Started