[cloud] Analyze SBOM files

Since the latest version, Cauldron can analyze Software Bill of Materials (SBOM) files.

A Software Bill Of Materials is a list of all dependencies present in a code base. Cauldron collects and analyzes the data to display it in an elegant way.

Currently it is only available for Cauldron Cloud users and it only analyzes SPDX files. We are looking for feedback to improve this feature and provide better results.

You can import a new SPDX file from the top bar. Cauldron will parse the file and obtain the repository for each package listed in it. Currently it can identify and analyze GitHub repositories, GitLab repositories, PyPI packages and npm packages.
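As an added illustration of that parsing step (example code, not Cauldron's own implementation), the following Python reads an SPDX 2.x JSON document and maps each package to a GitHub or GitLab repository or to a PyPI or npm package, using the package's purl external reference when present and its downloadLocation field otherwise. The sample document, package names and URLs are constructed.

```python
import json
import re
from urllib.parse import urlparse

# Constructed SPDX 2.3 JSON sample (not a real project's SBOM). purl refs follow SPDX's
# PACKAGE-MANAGER externalRefs convention; downloadLocation may be a VCS URL or NOASSERTION.
SAMPLE_SPDX = json.dumps({"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "packages": [
    {"name": "requests", "SPDXID": "SPDXRef-requests", "downloadLocation": "NOASSERTION",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:pypi/requests@2.31.0"}]},
    {"name": "libfoo", "SPDXID": "SPDXRef-libfoo",
     "downloadLocation": "git+https://gitlab.com/example/libfoo.git@v1.0"},
    {"name": "app", "SPDXID": "SPDXRef-app", "downloadLocation": "https://github.com/example/app"},
    {"name": "mystery", "SPDXID": "SPDXRef-mystery", "downloadLocation": "NONE"}]})


def classify_package(pkg):
    """Return (kind, locator) for one SPDX package dict, or (None, None) if unresolved."""
    # A purl external reference names the registry or forge unambiguously, so try it first.
    for ref in pkg.get("externalRefs", []):
        m = re.match(r"pkg:(pypi|npm|github|gitlab)/([^@?#]+)", ref.get("referenceLocator", ""))
        if ref.get("referenceType") == "purl" and m:
            return m.group(1), m.group(2)
    # Otherwise fall back to downloadLocation, which may be a VCS URL such as git+https://...@ref
    loc = pkg.get("downloadLocation", "NOASSERTION")
    if loc in ("NOASSERTION", "NONE"):
        return None, None
    url = re.sub(r"@[^/@]+$", "", re.sub(r"^git\+", "", loc))  # drop git+ prefix and trailing @ref
    parsed = urlparse(url)
    path = re.sub(r"\.git$", "", parsed.path.rstrip("/"))
    if parsed.hostname in ("github.com", "gitlab.com") and path.count("/") >= 2:
        return parsed.hostname.split(".")[0], f"https://{parsed.hostname}{path}"
    return None, None  # unknown host or malformed path: report it rather than guess


def repositories_from_spdx(doc_json):
    """Parse an SPDX 2.x JSON document; return ({kind: [locator, ...]}, [unresolved names])."""
    doc = json.loads(doc_json)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError("only SPDX 2.x JSON documents are handled here")
    found, unresolved = {}, []
    for pkg in doc.get("packages", []):
        kind, locator = classify_package(pkg)
        if kind is None:
            unresolved.append(pkg.get("name") or pkg.get("SPDXID"))
        else:
            found.setdefault(kind, []).append(locator)
    return found, unresolved


if __name__ == "__main__":
    print(repositories_from_spdx(SAMPLE_SPDX))
```

Packages that resolve to neither a supported forge nor a supported registry are returned in the unresolved list so they can be reviewed instead of being silently dropped from the report.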

You can create a new report from a SPDX file from the top side bar.


From the new page, you can import an SPDX file, select the repositories you want to analyze and create a new report.

The idea of this feature is to provide insight into the dependencies of your project. From a report you can filter a specific dependency and obtain its activity and evolution. Remember to select both the Git and the GitHub repository for each dependency so that the report covers commits as well as issues/pull requests.