Sunshine - SBOM visualization tool

Analyzed CycloneDX JSON file: sample.json

Summary

Show entries

Search:

No. of Components	Vulnerabilities	Main Component	Spec Version	Serial Number	Version	Tool
114	Critical: 0, High: 2, Medium: 2, Low: 1, Information: 0, Max EPSS → 0.94433, Vulnerabilities in CISA KEV → 1	Type → application, Name → samplebank/SW/_git/SW-sample-app	1.4	urn:uuid:aaaaa	1	Name → SBOM, Version → 1.0

Showing 1 to 1 of 1 entries

Components chart

This chart visualizes components and their dependencies, with each segment representing a single component. The chart provides a hierarchical view of the dependency structure, with relationships radiating outward from the core components.

Innermost circle: represents components that are independent and not dependencies for any other components.
Outer circles: each segment represents a dependency of the corresponding segment in the circle immediately inside it. The farther a segment is from the center, the deeper the dependency level.

Note: If there is only one circle, it means that no dependency relationships are defined in the input file.

The colors of the segments indicate the vulnerability status of the components:

Dark red: affected by at least one critical severity vulnerability.
Red: affected by at least one high severity vulnerability.
Orange: affected by at least one medium severity vulnerability.
Yellow: affected by at least one low severity vulnerability.
Green: affected by at least one informational severity vulnerability.
Light blue: not directly affected by vulnerabilities but has at least one vulnerable dependency.
Grey: neither the component nor its dependencies are affected by any vulnerabilities.

The chart is interactive:

Hovering: displays details about a component, including its name, version, and list of vulnerabilities.
Clicking: refocuses the chart. The clicked segment becomes the center (second innermost circle), showing only that component and its dependencies. In this view, the innermost circle is always blue. Clicking the blue circle navigates back up one level in the dependency hierarchy.

Show all components

Show only components with direct or transitive vulnerabilities

Components table

This table visualizes components, their dependencies, vulnerabilities and licenses.
The colors of the elements in columns "Component", "Depends on" and "Dependency of" indicate the vulnerability status of the components:

Dark red: affected by at least one critical severity vulnerability.
Red: affected by at least one high severity vulnerability.
Orange: affected by at least one medium severity vulnerability.
Yellow: affected by at least one low severity vulnerability.
Green: affected by at least one informational severity vulnerability.
Light blue: not directly affected by vulnerabilities but has at least one vulnerable dependency.
Grey: neither the component nor its dependencies are affected by any vulnerabilities.

The colors of the elements in columns "Direct vulnerabilities" and "Transitive vulnerabilities" indicate the severity of the vulnerabilities:

Dark red: critical.
Red: high.
Orange: medium.
Yellow:low.
Green:informational.

Show entries

Search:

Component	Depends on	Dependency of	Direct vulnerabilities	Transitive vulnerabilities	License

netty-codec-http2 4.1.74.Final	-	-	High → CVE-2023-44487	-	Apache-2.0
system.valuetuple 4.4.0	-	microsoft.recognizers.text 1.3.2	-	-	MIT
system.tSWeading.tasks.extensions 4.5.4	-	azure.core 1.37.0	-	-	MIT
system.tSWeading.tasks 4.3.0	-	system.io 4.3.0	-	-	Microsoft .NET Library EULA, Microsoft .NET Library License, Microsoft .NET Library RTW
system.text.encodings.web 7.0.0	-	system.text.json 7.0.3	-	-	MIT
system.text.encoding 4.3.0	-	system.io 4.3.0	-	-	Microsoft .NET Library EULA, Microsoft .NET Library License, Microsoft .NET Library RTW
system.security.principal 4.3.0	-	system.security.claims 4.3.0	-	-	Microsoft .NET Library EULA, Microsoft .NET Library License
system.runtime.extensions 4.3.0	-	system.security.claims 4.3.0	-	-	Microsoft .NET Library EULA, Microsoft .NET Library License, Microsoft .NET Library RTW
system.runtime 4.3.0	-	system.collections 4.3.0	-	-	Microsoft .NET Library EULA, Microsoft .NET Library License, Microsoft .NET Library RTW
system.reflection.primitives 4.3.0	-	system.reflection 4.3.0	-	-	Microsoft .NET Library EULA, Microsoft .NET Library License, Microsoft .NET Library RTW

Showing 1 to 10 of 114 entries

Vulnerabilities table

This table focuses on vulnerabilities and shows the components that are affected either directly or transitively.
The colors of the elements in column "Vulnerability" indicate the severity of the vulnerabilities:

Dark red: critical.
Red: high.
Orange: medium.
Yellow:low.
Green:informational.

The colors of the elements in columns "Directly vulnerable components" and "Transitively vulnerable components" indicate the vulnerability status of the components:

Dark red: affected by at least one critical severity vulnerability.
Red: affected by at least one high severity vulnerability.
Orange: affected by at least one medium severity vulnerability.
Yellow: affected by at least one low severity vulnerability.
Green: affected by at least one informational severity vulnerability.
Light blue: not directly affected by vulnerabilities but has at least one vulnerable dependency.

Show entries

Search:

Vulnerability	Severity	Score	Vector	EPSS	CISA KEV Date	Directly vulnerable components	Transitively vulnerable components

CVE-2023-44487	High	7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.94433	2023-10-10	netty-codec-http2 4.1.74.Final	-
CVE-2024-30105	High	7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.01052	-	system.text.json 7.0.3	microsoft.fast.components.fluentui 3.5.5
CVE-2024-27086	Low	3.9	AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L	0.0004	-	microsoft.identity.client 4.59.0	-
CVE-2024-35255	Medium	5.5	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	0.00116	-	microsoft.identity.client 4.59.0	-
CVE-2023-36558	Medium	5.5	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	0.00405	-	microsoft.aspnetcore.components 7.0.0	microsoft.aspnetcore.components.forms 7.0.0, microsoft.aspnetcore.components.web 7.0.0, fluxor.blazor.web.reduxdevtools 5.9.1, fluxor.blazor.web 5.9.1

Showing 1 to 5 of 5 entries