# Top Free Software Bill of Materials (SBOM) Software

Check out our list of free Software Bill of Materials (SBOM) Software. Products featured on this list are the ones that offer a free trial version. As with most free versions, there are limitations, typically time or features.

If you'd like to see more products and to evaluate additional feature options, compare all [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom) to ensure you get the right product.

## View Free Software Bill of Materials (SBOM) Software

G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our [scoring methodologies](https://research.g2.com/g2-scoring-methodologies).

**18** Software Bill of Materials (SBOM) Products Available
View all [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom)

View all [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom)

### [OX Security](https://www.g2.com/products/ox-security/reviews)

[By OX Security](https://www.g2.com/sellers/ox-security)

[

(51)4.8 out of 5
](https://www.g2.com/products/ox-security/reviews#reviews "Read OX Security Reviews")

Product Description

OX rewires your security program for the Mythos Age: the era where AI writes the code, chains the exploits, and moves faster than human-built defenses can track. OX is the unified Prompt to Runtime

**Users:** Security Engineer · **Industries:** Financial Services, Information Technology and Services · **Market Segment:** 63% Mid-Market, 25% Enterprise

 ![Verified User in Automotive](/assets/icons/anonymous-avatar-purple-4ae1032bdb50ee5682003170c8184aee790d25958bd397abbd384ba52c596a7b.svg "Verified User in Automotive")
EA

As one of OX Security's first customers, I was searching for an effective solution to upscale Upstream Security's application security stack. I...[Read review](https://www.g2.com/products/ox-security/reviews/ox-security-review-10487561)

 ![Verified User in Information Technology and Services](/assets/icons/anonymous-avatar-purple-4ae1032bdb50ee5682003170c8184aee790d25958bd397abbd384ba52c596a7b.svg "Verified User in Information Technology and Services")
UI

Best Free Solution for private users who want to check their repos.[Read review](https://www.g2.com/products/ox-security/reviews/ox-security-review-10491157)

Year Founded
2021

HQ Location
New York, USA

Company Website
https://www.ox.security/

LinkedIn® Page
https://www.linkedin.com/company/ox-security/

### [Cybeats](https://www.g2.com/products/cybeats/reviews)

[By CYBEATS](https://www.g2.com/sellers/cybeats)

[

(15)4.4 out of 5
](https://www.g2.com/products/cybeats/reviews#reviews "Read Cybeats Reviews")

Product Description

Cybeats is at the forefront of cybersecurity innovation and is focused explicitly on automating Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) management. Our platfo

**Market Segment:** 47% Small-Business, 33% Mid-Market

 ![Neelakanta P.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Neelakanta P.")
NP

Cybeats is one of its kind tool which discovers varies possible risks and also mitage the effect by reducing the damage on the systems. Hence...[Read review](https://www.g2.com/products/cybeats/reviews/cybeats-review-7105257)

 ![NARENDRA PAL SINGH R.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "NARENDRA PAL SINGH R.")
NR

Endpoint management and free cloud best solution is best part[Read review](https://www.g2.com/products/cybeats/reviews/cybeats-review-7112972)

Year Founded
2017

HQ Location
Toronto, Ontario

Company Website
https://www.cybeats.com/

Twitter
@cybeatstech

LinkedIn® Page
https://www.linkedin.com/company/cybeats/

[![G2 Advertising](/assets/my-g2-logo-41632af6f81a240a0a9886638f412b2ac9a29f4001534f8c83be89a58ef9d45d.svg "G2 Advertising")](https://sell.g2.com/case-studies/how-aisdr-uses-g2-ads-to-turn-g2-into-top-5-traffic-source)

Sponsored

G2 Advertising

Get 2x conversion than Google Ads with G2 Advertising!

G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.

[
Learn More
](https://sell.g2.com/case-studies/how-aisdr-uses-g2-ads-to-turn-g2-into-top-5-traffic-source)

### [Arnica](https://www.g2.com/products/arnica/reviews)

[By Arnica](https://www.g2.com/sellers/arnica)

[

(8)4.9 out of 5
](https://www.g2.com/products/arnica/reviews#reviews "Read Arnica Reviews")

Product Description

Arnica is a comprehensive application security posture management (ASPM) platform that protects developers, source code, and products throughout the software development lifecycle. The platform provid

**Market Segment:** 63% Enterprise, 25% Small-Business

 ![Joe W.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Joe W.")
JW

With Arnica, we are streamlining the review process through data driven analytics and automation to guard against the accumulation of excessive...[Read review](https://www.g2.com/products/arnica/reviews/arnica-review-6664928)

 ![Verified User in Information Technology and Services](/assets/icons/anonymous-avatar-purple-4ae1032bdb50ee5682003170c8184aee790d25958bd397abbd384ba52c596a7b.svg "Verified User in Information Technology and Services")
UI

ou quickly understand the security posture of your codebase and can maintain continuous oversight while delegating day-to-day security...[Read review](https://www.g2.com/products/arnica/reviews/arnica-review-12915905)

Year Founded
2021

HQ Location
Alpharetta, Georgia

Company Website
https://www.arnica.io

Twitter
@arnicaio

LinkedIn® Page
https://www.linkedin.com/company/arnica-io/about

### [Mend.io](https://www.g2.com/products/mend-io/reviews)

[By Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)

[

(115)4.3 out of 5
](https://www.g2.com/products/mend-io/reviews#reviews "Read Mend.io Reviews")

Product Description

Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From disc

**Users:** Software Engineer · **Industries:** Computer Software, Information Technology and Services · **Market Segment:** 37% Small-Business, 34% Mid-Market

 ![Marek N.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Marek N.")
MN

I like Renovate works with GitHub and is free[Read review](https://www.g2.com/products/mend-io/reviews/mend-io-review-4570201)

 ![Bervianto Leo P.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Bervianto Leo P.")
BP

Security scanning features that allow me to detect the dependencies vulnerabilities. Github integration to detect the dependencies vulnerabilities....[Read review](https://www.g2.com/products/mend-io/reviews/mend-io-review-4687482)

Year Founded
2011

HQ Location
Boston, Massachusetts

Company Website
https://mend.io

Twitter
@Mend\_io

LinkedIn® Page
https://www.linkedin.com/company/2440656/

### [Socket](https://www.g2.com/products/socket-socket/reviews)

[By Socket](https://www.g2.com/sellers/socket)

[

(10)4.7 out of 5
](https://www.g2.com/products/socket-socket/reviews#reviews "Read Socket Reviews")

Product Description

Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powe

**Market Segment:** 40% Mid-Market, 30% Enterprise

 ![Brewin V.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Brewin V.")
BV

Socket has been a game-changer for our team. It stands out in the SCA space thanks to its developer-centric design and seamless integration into...[Read review](https://www.g2.com/products/socket-socket/reviews/socket-review-11426706)

Year Founded
2020

HQ Location
San Francisco, US

Company Website
https://socket.dev/

Twitter
@SocketSecurity

LinkedIn® Page
https://www.linkedin.com/company/socketinc/

### [SOOS](https://www.g2.com/products/soos/reviews)

[By SOOS](https://www.g2.com/sellers/soos)

[

(42)4.6 out of 5
](https://www.g2.com/products/soos/reviews#reviews "Read SOOS Reviews")

Product Description

SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate an

**Industries:** Information Technology and Services, Computer Software · **Market Segment:** 50% Mid-Market, 43% Small-Business

 ![Jim B.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Jim B.")
JB

Cost-effective for startups. I always put off scanning my open-source libraries because the cost was too high to bear. SOOS takes that off the table.[Read review](https://www.g2.com/products/soos/reviews/soos-review-5200061)

 ![Jeff G.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Jeff G.")
JG

SOOS works about as well as Snyk or Sonatype for SCA, and at about 0.1% of the price. Their support has been super responsive and helpful when...[Read review](https://www.g2.com/products/soos/reviews/soos-review-7152570)

Year Founded
2019

HQ Location
Winooski, US

Company Website
https://soos.io

Twitter
@soostech

LinkedIn® Page
https://www.linkedin.com/company/53122310

### [CAST Highlight](https://www.g2.com/products/cast-highlight/reviews)

[By CAST](https://www.g2.com/sellers/cast)

[

(91)4.5 out of 5
](https://www.g2.com/products/cast-highlight/reviews#reviews "Read CAST Highlight Reviews")

Product Description

Portfolio-level insights for app modernization, AI readiness, tech debt, OSS risks CAST Highlight is a SaaS software intelligence technology that delivers rapid, fact-based insights across your ent

**Industries:** Information Technology and Services, Computer Software · **Market Segment:** 57% Enterprise, 24% Small-Business

 ![Verified User in Information Technology and Services](/assets/icons/anonymous-avatar-purple-4ae1032bdb50ee5682003170c8184aee790d25958bd397abbd384ba52c596a7b.svg "Verified User in Information Technology and Services")
CI

Allows rapid scanning of multiple applications simultaneously. Supports GDPR Provides insight into Software health, cloud readiness, licensing...[Read review](https://www.g2.com/products/cast-highlight/reviews/cast-highlight-review-6792279)

 ![Phani G.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Phani G.")
PG

Cloud Readiness/Container Blockers is a differentiator Much functionality is also available in tools like Blackduck,Polaris[Read review](https://www.g2.com/products/cast-highlight/reviews/cast-highlight-review-8942545)

Year Founded
1990

HQ Location
New York

Company Website
https://www.castsoftware.com

Twitter
@SW\_Intelligence

LinkedIn® Page
https://www.linkedin.com/company/cast/

Ownership
Bridgepoint

### [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)

[By JFrog Ltd](https://www.g2.com/sellers/jfrog-ltd)

[

(145)4.2 out of 5
](https://www.g2.com/products/jfrog-2024-03-28/reviews#reviews "Read JFrog Reviews")

Product Description

JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps, DevGovOps and MLOps platform, is on a mission to create a world of software delivered without friction from development to pro

**Users:** Software Engineer, DevOps Engineer · **Industries:** Information Technology and Services, Computer Software · **Market Segment:** 50% Enterprise, 30% Mid-Market

 ![Sifiso M.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Sifiso M.")
SM

I love how JFrog keeps software versions consistent across multiple machines, which is crucial for my work. It helps reduce errors during installs...[Read review](https://www.g2.com/products/jfrog-2024-03-28/reviews/jfrog-review-12528942)

 ![Verified User in Consulting](/assets/icons/anonymous-avatar-purple-4ae1032bdb50ee5682003170c8184aee790d25958bd397abbd384ba52c596a7b.svg "Verified User in Consulting")
AC

The main advantage is its universal repository support, which allows you to connect different artifact types such as Docker, Apache Airflow,...[Read review](https://www.g2.com/products/jfrog-2024-03-28/reviews/jfrog-review-12902716)

Year Founded
2008

HQ Location
Sunnyvale, CA

Company Website
https://jfrog.com

Twitter
@jfrog

LinkedIn® Page
https://www.linkedin.com/company/jfrog-ltd/

Ownership
NASDAQ: FROG

### [SonarQube](https://www.g2.com/products/sonarqube/reviews)

[By SonarSource Sàrl](https://www.g2.com/sellers/sonarsource-sarl)

[

(154)4.4 out of 5
](https://www.g2.com/products/sonarqube/reviews#reviews "Read SonarQube Reviews")

Product Description

Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verificat

**Users:** DevOps Engineer, Software Engineer · **Industries:** Information Technology and Services, Computer Software · **Market Segment:** 43% Enterprise, 40% Mid-Market

 ![Mukesh K. R.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Mukesh K. R.")
MR

Simple deployment. Very easy installing is practiced particularly on Kubernetes using YAML formats. Moreover, integration with GitHub by means of...[Read review](https://www.g2.com/products/sonarqube/reviews/sonarqube-review-9607188)

 ![Arnaud T.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Arnaud T.")
AT

SonarCloud is very easy to set up, and integrates nicely into your development platform. It supports a large number of languages, rules, and can...[Read review](https://www.g2.com/products/sonarqube/reviews/sonarqube-review-11054230)

Year Founded
2008

HQ Location
Geneva, Switzerland

Company Website
https://www.sonarsource.com

Twitter
@SonarSource

LinkedIn® Page
https://www.linkedin.com/company/sonarsource/

### [Xygeni](https://www.g2.com/products/xygeni/reviews)

[By Xygeni Security](https://www.g2.com/sellers/xygeni-security)

[

(5)4.6 out of 5
](https://www.g2.com/products/xygeni/reviews#reviews "Read Xygeni Reviews")

Product Description

Secure your Software Development and Delivery! Xygeni Security specializes in Application Security Posture Management (ASPM), using deep contextual insights to effectively prioritize and manage secur

**Market Segment:** 60% Small-Business, 40% Mid-Market

 ![Óscar G.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Óscar G.")
ÓG

- Real-time malware detection: Xygeni’s early warning system has been a game-changer, identifying malicious open source components before they can...[Read review](https://www.g2.com/products/xygeni/reviews/xygeni-review-10880934)

Year Founded
2021

HQ Location
Madrid, ES

Company Website
https://xygeni.io

Twitter
@xygeni

LinkedIn® Page
https://www.linkedin.com/company/xygeni/

### [CAST SBOM Manager](https://www.g2.com/products/cast-sbom-manager/reviews)

[By CAST](https://www.g2.com/sellers/cast)

[
0 ratings
](https://www.g2.com/products/cast-sbom-manager/reviews#reviews "Read CAST SBOM Manager Reviews")

Product Description

CAST SBOM Manager enables users to automatically create, customize, and maintain Software Bill of Materials (SBOMs) with the ultimate level of control and flexibility. It detects open source dependenc

Year Founded
1990

HQ Location
New York

Company Website
https://www.castsoftware.com

Twitter
@SW\_Intelligence

LinkedIn® Page
https://www.linkedin.com/company/cast/

Ownership
Bridgepoint

### [Eracent SBOM-HQ](https://www.g2.com/products/eracent-sbom-hq/reviews)

[By Eracent](https://www.g2.com/sellers/eracent)

[
0 ratings
](https://www.g2.com/products/eracent-sbom-hq/reviews#reviews "Read Eracent SBOM-HQ Reviews")

Product Description

SBOM-HQ™ - from Eracent SBOM-HQ™ provides a well-rounded set of data, reporting and analysis features that help organizations minimize risks and comply with cyber mandates and directives. While

Year Founded
2000

HQ Location
Riegelsville, Pennsylvania

Company Website
https://www.eracent.com

Twitter
@eracent

LinkedIn® Page
https://www.linkedin.com/company/15155

### [FOSSA](https://www.g2.com/products/fossa/reviews)

[By FOSSA](https://www.g2.com/sellers/fossa)

[

(15)4.2 out of 5
](https://www.g2.com/products/fossa/reviews#reviews "Read FOSSA Reviews")

Product Description

Open source is a critical part of your software. In the average modern software product, over 80% of the source code shipped is derived from open source. Each component can have cascading legal, secur

**Industries:** Computer Software · **Market Segment:** 47% Small-Business, 33% Mid-Market

 ![JAZEEL ANWAR J.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "JAZEEL ANWAR J.")
JJ

It reduces the time needed to identify open-source licensing issues. It is easy to use and it is user-friendly. It allows you to know the licenses...[Read review](https://www.g2.com/products/fossa/reviews/fossa-review-7285953)

 ![Verified User in Leisure, Travel & Tourism](/assets/icons/anonymous-avatar-purple-4ae1032bdb50ee5682003170c8184aee790d25958bd397abbd384ba52c596a7b.svg "Verified User in Leisure, Travel & Tourism")
IL

FOSSA stands for Free and Open Source Software Analysis which automates the management of open source compliance and security. Up to 90% of the...[Read review](https://www.g2.com/products/fossa/reviews/fossa-review-7403272)

Year Founded
2015

HQ Location
San Francisco, California

Company Website
https://www.fossa.io

Twitter
@getfossa

LinkedIn® Page
https://www.linkedin.com/company/fossa/

### [Heeler](https://www.g2.com/products/heeler/reviews)

[By Heeler Security](https://www.g2.com/sellers/heeler-security)

[
0 ratings
](https://www.g2.com/products/heeler/reviews#reviews "Read Heeler Reviews")

Product Description

Heeler empowers application security teams to shift left with the context they need to reduce noise, accelerate remediation, and move beyond traditional vulnerability management. By combining ASPM, SC

Year Founded
2023

HQ Location
N/A

Company Website
https://www.heeler.com

LinkedIn® Page
https://www.linkedin.com/company/heeler-security

### [MergeBase](https://www.g2.com/products/mergebase/reviews)

[By MergeBase Software](https://www.g2.com/sellers/mergebase-software)

[

(20)4.5 out of 5
](https://www.g2.com/products/mergebase/reviews#reviews "Read MergeBase Reviews")

Product Description

MergeBase is revolutionizing software supply chain protection with a full-featured, developer-oriented SCA solution that brings the lowest false positives in the industry and complete DevOps coverage

**Industries:** Computer Software · **Market Segment:** 40% Small-Business, 35% Mid-Market

 ![Divit G.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Divit G.")
DG

The best feature of MergeBase has to be it's ease of usage. Development for future becomes super easy purely because of the intuitiveness of the...[Read review](https://www.g2.com/products/mergebase/reviews/mergebase-review-7282629)

 ![Chandan M.](/assets/transparent-ad5be28fbcd25b7b08d2cebe1d957125437fb5407d75ee717965ad22c8808791.gif "Chandan M.")
CM

It helps in reducing risk in whole product development by suggesting and removing vulnerabilities An all in one product+ consultation solution on...[Read review](https://www.g2.com/products/mergebase/reviews/mergebase-review-7286474)

Year Founded
2018

HQ Location
Coquitlam, British Columbia

Company Website
https://mergebase.com/

Twitter
@mergebasesecure

LinkedIn® Page
https://www.linkedin.com/company/mergebase/

[![G2 Advertising](/assets/my-g2-logo-41632af6f81a240a0a9886638f412b2ac9a29f4001534f8c83be89a58ef9d45d.svg "G2 Advertising")](https://sell.g2.com/case-studies/how-aisdr-uses-g2-ads-to-turn-g2-into-top-5-traffic-source)

Sponsored

G2 Advertising

Get 2x conversion than Google Ads with G2 Advertising!

G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.

[
Learn More
](https://sell.g2.com/case-studies/how-aisdr-uses-g2-ads-to-turn-g2-into-top-5-traffic-source)

- &lsaquo; Prev‹ Prev
- 1
- [2](/categories/software-bill-of-materials-sbom/free?order=popular&page=2#product-list)
- [Next &rsaquo;Next ›](/categories/software-bill-of-materials-sbom/free?order=popular&page=2#product-list)