Question 1

What is an SBOM?

Accepted Answer

A Software Bill of Materials (SBOM) is a complete inventory of all components in a software product including dependencies, versions, licenses, and vulnerability data. Required by US Executive Order 14028 and EU Cyber Resilience Act.

Question 2

What is NTIA EO14028 compliance?

Accepted Answer

US Executive Order 14028 requires software vendors selling to federal agencies to provide SBOMs with 7 minimum elements: supplier name, component name, version, unique identifiers, dependency relationships, SBOM author, and timestamp.

Question 3

Does Deptic support private GitHub repositories?

Accepted Answer

Yes. Deptic uses GitHub OAuth to access private repositories you own. We only read manifest files — never your source code.

Question 4

Which package ecosystems does Deptic support?

Accepted Answer

Deptic supports npm (Node.js), pip (Python), Maven (Java), Go modules, Rust (Cargo), Ruby (Gemfile), PHP (Composer), and .NET (NuGet) — 8 ecosystems in total.

Question 5

Is Deptic free?

Accepted Answer

Yes. Deptic has a free plan with 10 scans per day, CVE detection, and CycloneDX + SPDX SBOM export. Enterprise plan is ₹999/month with 25 scans per day and additional features.

File	Priority	Notes
`go.mod`	High	Primary module file
`go.sum`	High	Checksums and exact version locking

Go Modules Scanner

Manifest files detected:

Indirect dependencies:

PURL format for Golang:

Known limitations: