Make Your SBOM FDA-Ready in Minutes — Not Months
SBOMCheck automatically enriches every component in your SPDX or CycloneDX SBOM with maintenance status and end-of-support dates — exactly what FDA's cybersecurity guidance requires.
No credit card required · SPDX & CycloneDX supported · Results in under 60 seconds
| Component | Version | Status | EOS Date |
|---|---|---|---|
| lodash | 4.17.21 | Actively Maintained | No Fixed EOL |
| log4j-core | 2.14.1 | No Longer Maintained | Dec 31, 2021 |
| openssl | 1.1.1 | Abandoned | Sep 11, 2023 |
| requests | 2.28.0 | Actively Maintained | No Fixed EOL |
Trusted by medical device and health tech teams
(logos shown with permission)
“We went from manually researching 200+ SBOM components to having a complete, FDA-ready lifecycle report in under two minutes.”
— Head of Regulatory Affairs, Medical Device Startup
FDA Now Requires This. Most SBOMs Don't Have It.
Under FDA's 2023 cybersecurity guidance and the PATCH Act, every SBOM submitted with a 510(k) or PMA must include:
- • Maintenance status of each software component
- • End-of-support date for each component
For open-source dependencies, this information is scattered across GitHub, npm, PyPI, endoflife.date, and security databases. Gathering it manually for even a mid-size product can take days.
From Upload to FDA-Ready in 3 Steps
Drop Your SBOM
Upload any SPDX or CycloneDX file — JSON, XML, YAML, TV, or RDF. We parse all versions automatically.
We Do the Research
SBOMCheck queries endoflife.date, npm, PyPI, Maven, GitHub, and OpenSSF Scorecard for every component. AI fills in the gaps.
Download FDA-Ready Output
Get an enriched SBOM file plus a formatted PDF report with methodology disclosure — ready to attach to your submission.
Average enrichment time: ~45 seconds for 100 components
Multi-Source Enrichment Engine
We use a 5-layer strategy: endoflife.date first, then package registries (npm, PyPI, Maven, etc.), then GitHub/GitLab, then OpenSSF Scorecard, and finally an AI fallback for ambiguous components. Each result is tagged with its confidence level so you know the source.
Component detail panel with source badges
Confidence Scoring
Every result shows whether it came from an authoritative source or was AI-inferred. Your QA team knows exactly what to review before submission.
PDF Report for FDA Submission
Exports a professionally formatted PDF with a cover page and methodology section explaining data sources and heuristics — exactly the kind of disclosure FDA reviewers expect.
See It In Action — No Sign-Up Required
Pre-loaded sample SBOM with 8 components. Results fill in as you watch.
| Component | Version | Status | EOL | Confidence |
|---|---|---|---|---|
| lodash | 4.17.21 | |||
| log4j | 2.14.1 | |||
| openssl | 1.1.1 | |||
| requests | 2.28.0 | |||
| moment | 2.18.1 | |||
| spring-core | 5.3.18 | |||
| pyyaml | 5.4.1 | |||
| jquery | 1.8.3 |
Simple Pricing. No VAT Surprises.
All taxes handled globally — you never deal with VAT or sales tax.
Monthly
$19.99/mo
- Unlimited uploads
- Up to 500 components/SBOM
- All export formats (CSV, enriched SBOM, PDF)
- 7-day result cache
- Email support
Enterprise
$99/mo
- Unlimited everything
- Priority enrichment queue
- PDF reports with custom branding
- API access
- Priority support
Billing via Lemon Squeezy. All prices in USD. Tax included where required.
Frequently Asked Questions
Your Next FDA Submission Deserves Better Than a Spreadsheet
Upload your SBOM and get a complete lifecycle enrichment report in under a minute.
Analyze My SBOM — It's FreeJoin teams shipping FDA-compliant software faster.