SBOM Component Browser

A web application for uploading, parsing, and exploring Software Bill of Materials (SBOMs). The app extracts components from SBOM JSON files (CycloneDX / SPDX-style) and makes them searchable across projects.

Built with Next.js (App Router), TypeScript, PostgreSQL, and Prisma.

Features

Upload SBOM JSON files
Parse and normalize components into a relational database
Browse SBOMs by project
Search SBOMs by component name
View SBOM details and component lists
Paginated component tables
Delete SBOMs
Authentication using NextAuth (Credentials provider)

Tech Stack

Frontend

Next.js (App Router)
React
TypeScript
Tailwind CSS

Backend

Next.js API Routes
NextAuth / Auth.js
Prisma ORM
PostgreSQL

Tooling

Prisma Migrate
ESLint
Prettier
**Node.js 18+

Getting Started (Local Development)

1️⃣ Prerequisites

Node.js 20.19+
Docker (recommended for PostgreSQL)
npm or pnpm

2️⃣ Clone the repository

3️⃣ Install dependencies

npm install

🐳 Running PostgreSQL with Docker (Recommended)

This project includes a docker-compose.yml file to run PostgreSQL locally.

Start the database

docker compose up -d

This starts a PostgreSQL 16 container with:

Database: sbom_browser
Username: postgres
Password: postgres
Port: 5432

Stop the database

docker compose down

To stop and remove all data:

docker compose down -v

4️⃣ Configure environment variables

Create a .env file in the root:

DATABASE_URL="postgresql://postgres:postgres@localhost:5432/sbom_browser"
NEXTAUTH_SECRET="super-secret-key"
NEXTAUTH_URL="http://localhost:3000"

5️⃣ Set up the database

Run Prisma migrations and generate the client:

npx prisma migrate dev
npx prisma generate

(Optional) View the database:

npx prisma studio

6️⃣ Run the development server

npm run dev

Open your browser at:

http://localhost:3000

Usage

Register a user account
Log in
Registered user will have a project called Default
Upload an SBOM JSON file
- User has the option to create a project in the Upload modal
Browse and search components
View SBOM details and components
Delete SBOMs when no longer needed

Supported SBOM Formats

The parser currently supports:

CycloneDX-style JSON
SPDX-style JSON (basic support)

Unsupported or malformed files will be rejected gracefully.

Authentication

Uses NextAuth Credentials Provider
Passwords are hashed with bcrypt
Session strategy: JWT

Some Screenshots

Login page:

Register page:

Sbom Component Browser Empty Dashboard:

Upload Modal:

Sbom List:

Search Component Name:

Component Detail:

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
docs/screenshots		docs/screenshots
prisma		prisma
public		public
src		src
.env.example		.env.example
.gitignore		.gitignore
README.md		README.md
docker-compose.yml		docker-compose.yml
eslint.config.mjs		eslint.config.mjs
next.config.ts		next.config.ts
package-lock.json		package-lock.json
package.json		package.json
postcss.config.mjs		postcss.config.mjs
prisma.config.ts		prisma.config.ts
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SBOM Component Browser

Features

Tech Stack

Frontend

Backend

Tooling

Getting Started (Local Development)

🐳 Running PostgreSQL with Docker (Recommended)

Start the database

Stop the database

Usage

Supported SBOM Formats

Authentication

Some Screenshots

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

mikmb/sbom-component-browser

Folders and files

Latest commit

History

Repository files navigation

SBOM Component Browser

Features

Tech Stack

Frontend

Backend

Tooling

Getting Started (Local Development)

🐳 Running PostgreSQL with Docker (Recommended)

Start the database

Stop the database

Usage

Supported SBOM Formats

Authentication

Some Screenshots

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages