Sunshine - SBOM visualization tool

Select a CycloneDX JSON file from your file system. All submitted data is processed locally within your browser, without being transmitted anywhere else.

• If you do not have a CycloneDX JSON file available, but just want to see what output is produced by the tool see a sample HTML output here.
• If your SBOM file is not in the CycloneDX JSON format, such as SPDX or CycloneDX XML, you can convert it using CycloneDX Web Tool.
• If you prefer using a standalone CLI version download it here.

This chart visualizes components and their dependencies, with each segment representing a single component. The chart provides a hierarchical view of the dependency structure, with relationships radiating outward from the core components.

• Innermost circle: represents components that are independent and not dependencies for any other components.
• Outer circles: each segment represents a dependency of the corresponding segment in the circle immediately inside it. The farther a segment is from the center, the deeper the dependency level.

Note: If there is only one circle, it means that no dependency relationships are defined in the input file.

The colors of the segments indicate the vulnerability status of the components:

• Dark red: affected by at least one critical severity vulnerability.
• Red: affected by at least one high severity vulnerability.
• Orange: affected by at least one medium severity vulnerability.
• Yellow: affected by at least one low severity vulnerability.
• Green: affected by at least one informational severity vulnerability.
• Light blue: not directly affected by vulnerabilities but has at least one vulnerable dependency.
• Grey: neither the component nor its dependencies are affected by any vulnerabilities.

The chart is interactive:

• Hovering: displays details about a component, including its name, version, and list of vulnerabilities.
• Clicking: refocuses the chart. The clicked segment becomes the center (second innermost circle), showing only that component and its dependencies. In this view, the innermost circle is always blue. Clicking the blue circle navigates back up one level in the dependency hierarchy.

---

Chart will appear here...

This table visualizes components, their dependencies, vulnerabilities and licenses.
The colors of the elements in columns "Component", "Depends on" and "Dependency of" indicate the vulnerability status of the components:

• Dark red: affected by at least one critical severity vulnerability.
• Red: affected by at least one high severity vulnerability.
• Orange: affected by at least one medium severity vulnerability.
• Yellow: affected by at least one low severity vulnerability.
• Green: affected by at least one informational severity vulnerability.
• Light blue: not directly affected by vulnerabilities but has at least one vulnerable dependency.
• Grey: neither the component nor its dependencies are affected by any vulnerabilities.

The colors of the elements in columns "Direct vulnerabilities" and "Transitive vulnerabilities" indicate the severity of the vulnerabilities:

• Dark red: critical.
• Red: high.
• Orange: medium.
• Yellow:low.
• Green:informational.

---

Table will appear here...

Log will appear here...

Sunshine - SBOM visualization tool by Luca Capacci | GitHub repository | License | Third party licenses