sbom @ 0.10.0 View on hex.pm View source on GitHub
Mix task to generate a Software Bill-of-Materials (SBoM) in CycloneDX format
All systems passing
Report incorrect info for this package →
Dependencies & versions
Version Tested
Last Test Run
2026-04-23T08:53:15.720169Z
Compilation Determinism
Non-deterministic
Differences detected between rebuilds
- [nerves_system_mangopi_mq_pro] changed: ebin/Elixir.SBoM.CycloneDX.Common.Constants.beam (688071dd → 259ff6ba)
- [nerves_system_rpi4] changed: ebin/Elixir.SBoM.CycloneDX.Common.Constants.beam (688071dd → 259ff6ba)
- [nerves_system_x86_64] changed: ebin/Elixir.SBoM.CycloneDX.Common.Constants.beam (688071dd → 259ff6ba)
Beam scanner — runtime capability snapshot
Beam scanner
Runtime capability snapshot
Static scan of the compiled release after mix firmware.
NIF usage
Not detected
Native code or C bindings
Shell/OS exec
Not detected
External commands or ports
Shell helpers
Not detected
Shell commands via System/os
App config reads
Not detected
Application env lookups
OS env reads
Not detected
Environment variable access
Start callback
Detected
Start modules: Elixir.SBoM.Application
Halt calls
Detected
Elixir.SBoM.CLI Elixir.System:halt/1
Elixir.SBoM.Escript Elixir.System:halt/1
Protocol: Elixir.SBoM.CycloneDX.JSON.Decodable (fallback to any)
Protocol: Elixir.SBoM.CycloneDX.JSON.Encodable (fallback to any)
Protocol: Elixir.SBoM.CycloneDX.XML.Decodable (fallback to any)
Protocol: Elixir.SBoM.CycloneDX.XML.Encodable
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Any -> Elixir.SBoM.CycloneDX.JSON.Decodable.Any
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.Any -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.Any
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.BoolValue -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.BoolValue
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.BytesValue -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.BytesValue
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.DoubleValue -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.DoubleValue
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.Duration -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.Duration
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.Empty -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.Empty
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.FieldMask -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.FieldMask
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.FloatValue -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.FloatValue
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.Int32Value -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.Int32Value
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.Int64Value -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.Int64Value
Impl: Elixir.SBoM.CycloneDX.JSON.Decodable for Google.Protobuf.ListValue -> Elixir.SBoM.CycloneDX.JSON.Decodable.Google.Protobuf.ListValue
Dependency scans — transitive + OTP apps
Dependency scans
Transitive + OTP apps
Static scan of every app in the built release (including OTP libs).
| App | File Count | Size | Languages | NIF | OS exec | Shell | App env | OS env | Start callback |
|---|---|---|---|---|---|---|---|---|---|
| asn1@5.4.3 | 25 | 638.4 KB | erlang | Yes | No | No | No | No | No |
| circular_buffer@1.0.0 | 5 | 7.1 KB | elixir | No | No | No | No | No | No |
| compiler@9.0.6 | 62 | 1.1 MB | erlang | No | No | No | No | Yes | No |
| crypto@5.8.3 | 7 | 641.7 KB | erlang | Yes | No | No | Yes | No | No |
| eex@1.19.4 | 6 | 32.6 KB | elixir | No | No | No | No | No | No |
| elixir@1.19.4 | 273 | 2.6 MB | elixir, erlang | No | Yes | No | Yes | Yes | Yes |
| hex@2.4.1 | 122 | 773.3 KB | elixir, erlang | No | Yes | No | No | Yes | Yes |
| hex_core@0.15.0 | 26 | 185.4 KB | erlang | No | No | No | No | No | No |
| iex@1.19.4 | 32 | 169.6 KB | elixir | No | Yes | Yes | Yes | Yes | Yes |
| inets@9.6.2 | 65 | 325.2 KB | erlang | No | Yes | No | Yes | No | Yes |
| jason@1.4.4 | 28 | 134.5 KB | elixir | No | No | No | No | No | No |
| kernel@10.6.2 | 105 | 1.0 MB | erlang | Yes | Yes | Yes | Yes | Yes | Yes |
| logger@1.19.4 | 12 | 71.0 KB | elixir | No | No | No | Yes | No | Yes |
| mix@1.19.4 | 102 | 645.2 KB | elixir | No | Yes | Yes | Yes | Yes | Yes |
| nerves_compatibility_test@0.1.0 | 3 | 2.3 KB | elixir | No | No | No | No | No | Yes |
| nerves_logging@0.2.4 | 7 | 24.4 KB | elixir | No | Yes | No | No | No | No |
| nerves_runtime@0.13.12 | 16 | 54.2 KB | elixir | No | Yes | No | Yes | No | Yes |
| nerves_uevent@0.1.5 | 7 | 149.2 KB | elixir | No | Yes | No | Yes | No | Yes |
| optimus@0.6.1 | 24 | 78.3 KB | elixir | No | Yes | No | No | No | No |
| property_table@0.3.3 | 9 | 34.2 KB | elixir | No | No | No | No | No | No |
| protobuf@0.16.0 | 120 | 559.9 KB | elixir | No | No | No | No | No | No |
| public_key@1.20.3 | 42 | 1.3 MB | erlang | Yes | Yes | No | Yes | No | No |
| purl@0.3.0 | 13 | 27.6 KB | elixir, erlang | No | No | No | No | No | No |
| ring_logger@0.11.5 | 8 | 54.6 KB | elixir | No | No | No | Yes | No | No |
| runtime_tools@2.3.1 | 17 | 209.4 KB | erlang | Yes | Yes | Yes | Yes | Yes | Yes |
| sasl@4.3.2 | 19 | 167.8 KB | erlang | No | Yes | No | Yes | Yes | Yes |
| sbom@0.10.0 | 760 | 3.3 MB | elixir | No | No | No | No | No | Yes |
| shoehorn@0.9.3 | 9 | 19.2 KB | elixir | No | No | No | Yes | No | Yes |
| ssl@11.5.4 | 80 | 723.9 KB | erlang | No | No | No | Yes | No | Yes |
| stdlib@7.3 | 98 | 2.4 MB | erlang | Yes | Yes | No | Yes | Yes | No |
| toolshed@0.4.2 | 10 | 59.0 KB | elixir | No | Yes | No | Yes | No | No |
| uboot_env@1.0.2 | 6 | 11.8 KB | elixir | No | No | No | No | No | No |
| xmerl@2.1.9 | 37 | 866.7 KB | erlang | No | No | No | No | Yes | No |
System compatibility — detailed table
System Compatibility
| System | Status | Version Tested | Footprint (this system) | Log |
|---|---|---|---|---|
host (Elixir 1.19.4 / Erlang 28)
|
pass |
sbom@0.10.0
|
N/A (host compile) | View log |
nerves_system_mangopi_mq_pro@0.15.3
|
pass |
sbom@0.10.0
|
760 files, 3.3 MB
Firmware: 25.4 MB
|
View log |
nerves_system_rpi4@2.0.2
|
pass |
sbom@0.10.0
|
760 files, 3.3 MB
Firmware: 41.1 MB
|
View log |
nerves_system_x86_64@1.33.3
|
pass |
sbom@0.10.0
|
760 files, 3.3 MB
Firmware: 29.0 MB
|
View log |
⚠️ Important: A "passing" status means that the package compiled successfully with Nerves for this system. It does not guarantee that the package will work correctly at runtime or that all features are compatible with Nerves.
The compatibility test only verifies that:
- The package and its dependencies can be fetched from Hex.pm
- All dependencies are from Hex (no git or path dependencies)
- The firmware can be built successfully
If you believe a status is incorrect or have additional compatibility information, please open an issue (the title and template are pre-filled for this package).