Question 1

What is an SBOM?

Accepted Answer

A Software Bill of Materials (SBOM) is a complete inventory of all components in a software product including dependencies, versions, licenses, and vulnerability data. Required by US Executive Order 14028 and EU Cyber Resilience Act.

Question 2

What is NTIA EO14028 compliance?

Accepted Answer

US Executive Order 14028 requires software vendors selling to federal agencies to provide SBOMs with 7 minimum elements: supplier name, component name, version, unique identifiers, dependency relationships, SBOM author, and timestamp.

Question 3

Does Deptic support private GitHub repositories?

Accepted Answer

Yes. Deptic uses GitHub OAuth to access private repositories you own. We only read manifest files — never your source code.

Question 4

Which package ecosystems does Deptic support?

Accepted Answer

Deptic supports npm (Node.js), pip (Python), Maven (Java), Go modules, Rust (Cargo), Ruby (Gemfile), PHP (Composer), and .NET (NuGet) — 8 ecosystems in total.

Question 5

Is Deptic free?

Accepted Answer

Yes. Deptic has a free plan with 10 scans per day, CVE detection, and CycloneDX + SPDX SBOM export. Enterprise plan is ₹999/month with 25 scans per day and additional features.

File	Priority	Notes
`requirements.txt`	High	Standard pip requirements
`pyproject.toml`	High	Poetry, Flit, Hatchling
`Pipfile.lock`	Medium	Pipenv locked dependencies
`setup.py`	Low	Legacy setuptools (static parsing only)

pip / Python Scanner

Manifest files detected:

PURL format for PyPI:

Known limitations: