Sunshine - SBOM visualization tool


Analyzed CycloneDX JSON file: sample.json

Summary

No. of ComponentsVulnerabilitiesMain ComponentSpec VersionSerial NumberVersionTool
114Critical: 0,  High: 2,  Medium: 2,  Low: 1,  Information: 0,
Max EPSS → 0.94433,
Vulnerabilities in CISA KEV → 1		Type → application,
Name → samplebank/SW/_git/SW-sample-app		1.4urn:uuid:aaaaa1Name → SBOM,
Version → 1.0


Components chart

This chart visualizes components and their dependencies, with each segment representing a single component. The chart provides a hierarchical view of the dependency structure, with relationships radiating outward from the core components.
Note: If there is only one circle, it means that no dependency relationships are defined in the input file.

The colors of the segments indicate the vulnerability status of the components: The chart is interactive:

Components table

This table visualizes components, their dependencies, vulnerabilities and licenses.
The colors of the elements in columns "Component", "Depends on" and "Dependency of" indicate the vulnerability status of the components:
The colors of the elements in columns "Direct vulnerabilities" and "Transitive vulnerabilities" indicate the severity of the vulnerabilities:

Component Depends on Dependency of Direct
vulnerabilities		 Transitive
vulnerabilities		 License
netty-codec-http2 4.1.74.Final--High → CVE-2023-44487-Apache-2.0
system.valuetuple 4.4.0-microsoft.recognizers.text 1.3.2--MIT
system.tSWeading.tasks.extensions 4.5.4-azure.core 1.37.0--MIT
system.tSWeading.tasks 4.3.0-system.io 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.text.json 7.0.3system.text.encodings.web 7.0.0microsoft.fast.components.fluentui 3.5.5High → CVE-2024-30105-MIT
system.text.encodings.web 7.0.0-system.text.json 7.0.3--MIT
system.text.encoding 4.3.0-system.io 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.security.principal 4.3.0-system.security.claims 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License
system.security.claims 4.3.0system.runtime.extensions 4.3.0,
system.collections 4.3.0,
system.io 4.3.0,
system.security.principal 4.3.0,
system.resources.resourcemanager 4.3.0,
system.globalization 4.3.0		microsoft.graph.core 3.1.8--Microsoft .NET Library EULA,
Microsoft .NET Library License
system.runtime.extensions 4.3.0-system.security.claims 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.runtime 4.3.0-system.collections 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.resources.resourcemanager 4.3.0system.reflection 4.3.0system.security.claims 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.reflection.primitives 4.3.0-system.reflection 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.reflection 4.3.0system.reflection.primitives 4.3.0system.resources.resourcemanager 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.numerics.vectors 4.5.0-azure.core 1.37.0--MIT
system.memory.data 1.0.2-azure.core 1.37.0--MIT
system.io.pipelines 8.0.0-microsoft.aspnetcore.components.web 8.0.0--MIT
system.io.pipelines 7.0.0-microsoft.aspnetcore.components.web 7.0.0--MIT
system.io 4.3.0system.tSWeading.tasks 4.3.0,
system.text.encoding 4.3.0		system.security.claims 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License
system.identitymodel.tokens.jwt 7.3.1microsoft.identitymodel.jsonwebtokens 7.3.1microsoft.identitymodel.protocols.openidconnect 7.3.1--MIT
system.globalization 4.3.0-system.security.claims 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License
system.diagnostics.diagnosticsource 8.0.0-microsoft.extensions.diagnostics.abstractions 8.0.0--MIT
system.componentmodel.annotations 5.0.0-microsoft.extensions.options.dataannotations 6.0.0--MIT
system.collections.immutable 1.4.0-microsoft.recognizers.text 1.3.2--MIT
system.collections 4.3.0microsoft.netcore.targets 1.1.0,
system.runtime 4.3.0		system.security.claims 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
system.buffers 4.5.0-microsoft.net.http.headers 2.1.0--MIT
std.uritemplate 0.0.50-microsoft.kiota.abstractions 1.7.9--Apache-2.0
polly.extensions.http 3.0.0-microsoft.extensions.http.polly 8.0.2--BSD-3-Clause
polly.contrib.waitandretry 1.1.1----BSD-3-Clause
polly 7.2.4-microsoft.extensions.http.polly 8.0.2--BSD-3-Clause
oneof 2.1.155-antdesign 0.18.0--Bouncy Castle License,
MIT
newtonsoft.json 13.0.1-microsoft.bot.schema 4.21.1,
fluxor.blazor.web.reduxdevtools 5.9.1		--MIT
netstandard.library 2.0.3microsoft.netcore.platforms 1.1.0microsoft.graph.core 3.1.8--MIT
microsoft.teamsfx 2.4.0microsoft.bot.builder.dialogs 4.21.1,
microsoft.extensions.options.dataannotations 6.0.0		---MIT
microsoft.rest.clientruntime 2.3.24-microsoft.bot.connector 4.21.1--MIT
microsoft.recognizers.text.numberwithunit 1.3.2-microsoft.recognizers.text.datetime 1.3.2--MIT
microsoft.recognizers.text.number 1.3.2-microsoft.recognizers.text.datetime 1.3.2--MIT
microsoft.recognizers.text.datetime 1.3.2microsoft.recognizers.text.numberwithunit 1.3.2,
microsoft.recognizers.text.number 1.3.2		microsoft.bot.builder.dialogs 4.21.1--MIT
microsoft.recognizers.text.choice 1.3.2microsoft.recognizers.text 1.3.2microsoft.bot.builder.dialogs 4.21.1--MIT
microsoft.recognizers.text 1.3.2system.valuetuple 4.4.0,
microsoft.extensions.caching.memory 2.0.0,
system.collections.immutable 1.4.0		microsoft.recognizers.text.choice 1.3.2--MIT
microsoft.netcore.targets 1.1.0-system.collections 4.3.0--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
microsoft.netcore.platforms 1.1.0-netstandard.library 2.0.3--Microsoft .NET Library EULA,
Microsoft .NET Library License,
Microsoft .NET Library RTW
microsoft.net.http.headers 2.1.0system.buffers 4.5.0microsoft.bot.streaming 4.21.1--Apache-2.0
microsoft.kiota.serialization.text 1.1.2-microsoft.graph.core 3.1.8--MIT
microsoft.kiota.serialization.multipart 1.1.2-microsoft.graph.core 3.1.8--MIT
microsoft.kiota.serialization.json 1.1.5-microsoft.graph.core 3.1.8--MIT
microsoft.kiota.serialization.form 1.1.3-microsoft.graph.core 3.1.8--MIT
microsoft.kiota.http.httpclientlibrary 1.3.6-microsoft.graph.core 3.1.8--MIT
microsoft.kiota.authentication.azure 1.1.3azure.core 1.37.0microsoft.graph.core 3.1.8--MIT
microsoft.kiota.abstractions 1.7.9std.uritemplate 0.0.50microsoft.graph.core 3.1.8--MIT
microsoft.jsinterop 8.0.0-microsoft.aspnetcore.components.web 8.0.0--MIT
microsoft.jsinterop 7.0.0-microsoft.aspnetcore.components.web 7.0.0--MIT
microsoft.identitymodel.tokens 7.3.1-microsoft.identitymodel.protocols 7.3.1--MIT
microsoft.identitymodel.protocols.openidconnect 7.3.1system.identitymodel.tokens.jwt 7.3.1,
microsoft.identitymodel.protocols 7.3.1		microsoft.graph.core 3.1.8--MIT
microsoft.identitymodel.protocols 7.3.1microsoft.identitymodel.tokens 7.3.1,
microsoft.identitymodel.logging 7.3.1		microsoft.identitymodel.protocols.openidconnect 7.3.1--MIT
microsoft.identitymodel.logging 7.3.1microsoft.identitymodel.abstractions 7.3.1microsoft.identitymodel.protocols 7.3.1--MIT
microsoft.identitymodel.jsonwebtokens 7.3.1-system.identitymodel.tokens.jwt 7.3.1--MIT
microsoft.identitymodel.abstractions 7.3.1-microsoft.identitymodel.logging 7.3.1--MIT
microsoft.identitymodel.abstractions 6.22.0-microsoft.identity.client 4.59.0--MIT
microsoft.identity.client 4.59.0microsoft.identitymodel.abstractions 6.22.0-Medium → CVE-2024-35255,
Low → CVE-2024-27086		-MIT
microsoft.identity.abstractions 5.1.0----MIT
microsoft.graph.core 3.1.8microsoft.kiota.abstractions 1.7.9,
microsoft.identitymodel.protocols.openidconnect 7.3.1,
microsoft.kiota.authentication.azure 1.1.3,
system.security.claims 4.3.0,
microsoft.kiota.serialization.json 1.1.5,
microsoft.kiota.serialization.multipart 1.1.2,
microsoft.kiota.http.httpclientlibrary 1.3.6,
microsoft.kiota.serialization.form 1.1.3,
netstandard.library 2.0.3,
microsoft.kiota.serialization.text 1.1.2		microsoft.graph 5.44.0--MIT
microsoft.graph 5.44.0microsoft.graph.core 3.1.8---MIT
microsoft.fast.components.fluentui 3.5.5microsoft.extensions.hosting.abstractions 7.0.0,
system.text.json 7.0.3		--High → CVE-2024-30105MIT
microsoft.extensions.primitives 8.0.0-microsoft.extensions.configuration.abstractions 8.0.0,
microsoft.extensions.options 8.0.0		--MIT
microsoft.extensions.options.dataannotations 6.0.0system.componentmodel.annotations 5.0.0microsoft.teamsfx 2.4.0--MIT
microsoft.extensions.options.configurationextensions 8.0.0microsoft.extensions.configuration.binder 8.0.0microsoft.extensions.diagnostics 8.0.0--MIT
microsoft.extensions.options 8.0.0microsoft.extensions.primitives 8.0.0microsoft.extensions.diagnostics.abstractions 8.0.0,
microsoft.aspnetcore.authorization 8.0.0		--MIT
microsoft.extensions.options 7.0.0-microsoft.aspnetcore.authorization 7.0.0--MIT
microsoft.extensions.logging.abstractions 8.0.0microsoft.extensions.dependencyinjection.abstractions 8.0.0microsoft.extensions.http 8.0.0,
microsoft.aspnetcore.authorization 8.0.0		--MIT
microsoft.extensions.logging 8.0.0microsoft.extensions.dependencyinjection 8.0.0microsoft.extensions.http 8.0.0--MIT
microsoft.extensions.http.polly 8.0.2microsoft.extensions.http 8.0.0,
polly 7.2.4,
polly.extensions.http 3.0.0		---MIT
microsoft.extensions.http 8.0.0microsoft.extensions.dependencyinjection.abstractions 8.0.0,
microsoft.extensions.logging.abstractions 8.0.0,
microsoft.extensions.logging 8.0.0,
microsoft.extensions.configuration.abstractions 8.0.0,
microsoft.extensions.diagnostics 8.0.0		microsoft.extensions.http.polly 8.0.2--MIT
microsoft.extensions.hosting.abstractions 7.0.0microsoft.extensions.fileproviders.abstractions 7.0.0microsoft.fast.components.fluentui 3.5.5--MIT
microsoft.extensions.fileproviders.abstractions 7.0.0-microsoft.extensions.hosting.abstractions 7.0.0--MIT
microsoft.extensions.diagnostics.abstractions 8.0.0system.diagnostics.diagnosticsource 8.0.0,
microsoft.extensions.options 8.0.0		microsoft.extensions.diagnostics 8.0.0--MIT
microsoft.extensions.diagnostics 8.0.0microsoft.extensions.options.configurationextensions 8.0.0,
microsoft.extensions.diagnostics.abstractions 8.0.0,
microsoft.extensions.configuration 8.0.0		microsoft.extensions.http 8.0.0--MIT
microsoft.extensions.dependencyinjection.abstractions 8.0.0-microsoft.extensions.http 8.0.0,
microsoft.extensions.logging.abstractions 8.0.0		--MIT
microsoft.extensions.dependencyinjection 8.0.0-microsoft.extensions.logging 8.0.0,
microsoft.aspnetcore.components.web 8.0.0		--MIT
microsoft.extensions.dependencyinjection 7.0.0-microsoft.aspnetcore.components.web 7.0.0--MIT
microsoft.extensions.configuration.binder 8.0.0-microsoft.extensions.options.configurationextensions 8.0.0--MIT
microsoft.extensions.configuration.abstractions 8.0.0microsoft.extensions.primitives 8.0.0microsoft.extensions.http 8.0.0--MIT
microsoft.extensions.configuration 8.0.0-microsoft.extensions.diagnostics 8.0.0--MIT
microsoft.extensions.caching.memory 2.0.0microsoft.extensions.caching.abstractions 2.0.0microsoft.recognizers.text 1.3.2--Apache-2.0
microsoft.extensions.caching.abstractions 2.0.0-microsoft.extensions.caching.memory 2.0.0--Apache-2.0
microsoft.csharp 4.5.0-microsoft.bot.connector 4.21.1--MIT
microsoft.bot.streaming 4.21.1microsoft.net.http.headers 2.1.0microsoft.bot.connector.streaming 4.21.1--MIT
microsoft.bot.schema 4.21.1newtonsoft.json 13.0.1microsoft.bot.connector.streaming 4.21.1--MIT
microsoft.bot.connector.streaming 4.21.1microsoft.bot.streaming 4.21.1,
microsoft.bot.schema 4.21.1		microsoft.bot.builder 4.21.1--MIT
microsoft.bot.connector 4.21.1microsoft.rest.clientruntime 2.3.24,
microsoft.csharp 4.5.0		microsoft.bot.builder 4.21.1--MIT
microsoft.bot.builder.dialogs 4.21.1microsoft.recognizers.text.choice 1.3.2,
microsoft.bot.builder 4.21.1,
microsoft.recognizers.text.datetime 1.3.2		microsoft.teamsfx 2.4.0--MIT
microsoft.bot.builder 4.21.1microsoft.bot.connector 4.21.1,
microsoft.bot.connector.streaming 4.21.1		microsoft.bot.builder.dialogs 4.21.1--MIT
microsoft.bcl.asyncinterfaces 1.1.1-azure.core 1.37.0--MIT
microsoft.aspnetcore.metadata 8.0.0-microsoft.aspnetcore.authorization 8.0.0--MIT
microsoft.aspnetcore.metadata 7.0.0-microsoft.aspnetcore.authorization 7.0.0--MIT
microsoft.aspnetcore.components.web 8.0.0microsoft.aspnetcore.components.forms 8.0.0,
system.io.pipelines 8.0.0,
microsoft.jsinterop 8.0.0,
microsoft.extensions.dependencyinjection 8.0.0		antdesign 0.18.0--MIT
microsoft.aspnetcore.components.web 7.0.0microsoft.aspnetcore.components.forms 7.0.0,
microsoft.jsinterop 7.0.0,
microsoft.extensions.dependencyinjection 7.0.0,
system.io.pipelines 7.0.0		fluxor.blazor.web 5.9.1-Medium → CVE-2023-36558MIT
microsoft.aspnetcore.components.forms 8.0.0microsoft.aspnetcore.components 8.0.0microsoft.aspnetcore.components.web 8.0.0--MIT
microsoft.aspnetcore.components.forms 7.0.0microsoft.aspnetcore.components 7.0.0microsoft.aspnetcore.components.web 7.0.0-Medium → CVE-2023-36558MIT
microsoft.aspnetcore.components.dataannotations.validation 3.2.0-rc1.20223.4-antdesign 0.18.0--Apache-2.0
microsoft.aspnetcore.components.analyzers 8.0.0-microsoft.aspnetcore.components 8.0.0--MIT
microsoft.aspnetcore.components.analyzers 7.0.0-microsoft.aspnetcore.components 7.0.0--MIT
microsoft.aspnetcore.components 8.0.0microsoft.aspnetcore.authorization 8.0.0,
microsoft.aspnetcore.components.analyzers 8.0.0		microsoft.aspnetcore.components.forms 8.0.0--MIT
microsoft.aspnetcore.components 7.0.0microsoft.aspnetcore.components.analyzers 7.0.0,
microsoft.aspnetcore.authorization 7.0.0		microsoft.aspnetcore.components.forms 7.0.0Medium → CVE-2023-36558-MIT
microsoft.aspnetcore.authorization 8.0.0microsoft.aspnetcore.metadata 8.0.0,
microsoft.extensions.logging.abstractions 8.0.0,
microsoft.extensions.options 8.0.0		microsoft.aspnetcore.components 8.0.0--MIT
microsoft.aspnetcore.authorization 7.0.0microsoft.extensions.options 7.0.0,
microsoft.aspnetcore.metadata 7.0.0		microsoft.aspnetcore.components 7.0.0--MIT
microsoft.aspnetcore.authentication.jwtbearer 8.0.2----MIT
fluxor.blazor.web.reduxdevtools 5.9.1fluxor.blazor.web 5.9.1,
newtonsoft.json 13.0.1		--Medium → CVE-2023-36558MIT
fluxor.blazor.web 5.9.1microsoft.aspnetcore.components.web 7.0.0,
fluxor 5.9.1		fluxor.blazor.web.reduxdevtools 5.9.1-Medium → CVE-2023-36558MIT
fluxor 5.9.1-fluxor.blazor.web 5.9.1--MIT
fluentvalidation.dependencyinjectionextensions 11.9.0fluentvalidation 11.9.0---Apache-2.0
fluentvalidation 11.9.0-fluentvalidation.dependencyinjectionextensions 11.9.0--Apache-2.0
azure.core 1.37.0system.numerics.vectors 4.5.0,
system.memory.data 1.0.2,
microsoft.bcl.asyncinterfaces 1.1.1,
system.tSWeading.tasks.extensions 4.5.4		microsoft.kiota.authentication.azure 1.1.3--MIT
antdesign 0.18.0microsoft.aspnetcore.components.dataannotations.validation 3.2.0-rc1.20223.4,
oneof 2.1.155,
microsoft.aspnetcore.components.web 8.0.0		---MIT

Vulnerabilities table

This table focuses on vulnerabilities and shows the components that are affected either directly or transitively.
The colors of the elements in column "Vulnerability" indicate the severity of the vulnerabilities:
The colors of the elements in columns "Directly vulnerable components" and "Transitively vulnerable components" indicate the vulnerability status of the components:

Vulnerability Severity Score Vector EPSS CISA KEV Date Directly vulnerable
components		 Transitively vulnerable
components
CVE-2023-44487High7.5AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H0.944332023-10-10netty-codec-http2 4.1.74.Final-
CVE-2024-30105High7.5AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H0.01052-system.text.json 7.0.3microsoft.fast.components.fluentui 3.5.5
CVE-2024-27086Low3.9AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L0.0004-microsoft.identity.client 4.59.0-
CVE-2024-35255Medium5.5AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N0.00116-microsoft.identity.client 4.59.0-
CVE-2023-36558Medium5.5AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N0.00405-microsoft.aspnetcore.components 7.0.0microsoft.aspnetcore.components.forms 7.0.0,
microsoft.aspnetcore.components.web 7.0.0,
fluxor.blazor.web.reduxdevtools 5.9.1,
fluxor.blazor.web 5.9.1