Know What You Ship. Trust What You Depend On.

Real-time SBOMs, exploit-aware risk scoring, and licence compliance straight from your repos. First 5 repositories free. No credit card.

Launching on Product Hunt on 22 September. Get a reminder

Trusted by builders shipping to enterprise

Sporting India Aldeniere Bulios

Real-time SBOMs

Accurate CycloneDX and SPDX from your CI. Direct and transitive dependencies.

Exploit-aware scanning

Move beyond CVE dumps. Prioritise what is exploitable and fix with context.

Vendor visibility

Track APIs, SDKs, SLA expiry and breach history alongside your code.

Dashboard: vulnerability breakdown (pie), timeline and dependency network

See risk at a glance

Critical, High, Medium and Low exposure in one place. Watch risk change as your code evolves.

Licence distribution and copyleft package alerts

Licence compliance made simple

Identify GPL, LGPL and other copyleft licences instantly. Avoid surprises during enterprise review.

Dependencies table: direct vs transitive, severity tags and project context, with versions and project mapping

Clarity without the noise

Every package, every CVE and every version in one view. No black box. Built for developers.

Open source transparency

We publish everything. Trace-AI is not a black box. ZSBOM is open and auditable.

  • ✔ The model. ZSBOM classification logic is public and open for review.
  • ✔ Composable policy as code. ISO, SOC 2 and OSS licence checks published as forkable YAML or JSON.
  • ✔ Configuration. Risk scoring, licence mapping and vendor thresholds are editable for your environment.
Policy as code example
ZSBOM GitHub activity and adoption

Built in the Open, With You

  • ✔ Public from day one – Code, roadmap, and discussions live on GitHub.
  • ✔ Fork, star, contribute – Join a growing community shaping the future of supply-chain security.
  • ✔ Real collaboration – Issues, PRs, and policies are debated in the open, with no black boxes.
  • ✔ Adopted globally – 50+ clones and already powering startups across Czechia, Germany, the UK, and India.
51+ GitHub stars
50+ repo clones
16 active branches
EU & IN startups using ZSBOM

How it works

Step 1
Connect your repo
GitHub or GitLab. Minimal setup.
Step 2
Generate a live SBOM
Direct and transitive dependencies.
Step 3
Scan for risks
Exploit context. Not just CVE lists.
Step 4
Track licences and vendors
In one dashboard.
Step 5
Export evidence
CycloneDX, SPDX and JSON.
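As an added illustration of steps 2 to 4 (example code written for this page, not Trace-AI or ZSBOM code), the Python script below reads a CycloneDX 1.5 JSON document, walks the dependency graph from the root component to tag each package as direct or transitive, flags GPL/LGPL-style copyleft licences (including alternatives hidden inside an SPDX expression such as "MIT OR GPL-2.0-only"), and ranks vulnerabilities so that entries known to be exploited come before severity alone. The package names, versions, vulnerability IDs and the KNOWN_EXPLOITED set are all constructed for the example; a real run would export the SBOM from CI and load the exploited list from a feed such as CISA KEV.

```python
# Triage a CycloneDX JSON SBOM: direct vs transitive depth, copyleft licences and
# exploit-aware vulnerability ranking. Added example, not Trace-AI/ZSBOM code;
# every package, version, vulnerability ID and feed entry below is constructed.
import json
from collections import deque

SBOM_JSON = r'''{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"type": "application", "bom-ref": "app", "name": "shop-api"}},
  "components": [
    {"bom-ref": "pkg:pypi/webframe@1.2.0", "name": "webframe", "version": "1.2.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"bom-ref": "pkg:pypi/httpclient@3.0.1", "name": "httpclient", "version": "3.0.1",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "pkg:pypi/pdfgen@0.9.0", "name": "pdfgen", "version": "0.9.0",
     "licenses": [{"expression": "MIT OR GPL-2.0-only"}]},
    {"bom-ref": "pkg:pypi/sshlib@2.1.0", "name": "sshlib", "version": "2.1.0",
     "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}]}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:pypi/webframe@1.2.0", "pkg:pypi/pdfgen@0.9.0"]},
    {"ref": "pkg:pypi/webframe@1.2.0", "dependsOn": ["pkg:pypi/httpclient@3.0.1"]},
    {"ref": "pkg:pypi/pdfgen@0.9.0", "dependsOn": ["pkg:pypi/sshlib@2.1.0"]}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}], "affects": [{"ref": "pkg:pypi/httpclient@3.0.1"}]},
    {"id": "EXAMPLE-0002", "ratings": [{"severity": "critical"}], "affects": [{"ref": "pkg:pypi/pdfgen@0.9.0"}]},
    {"id": "EXAMPLE-0003", "ratings": [{"severity": "medium"}], "affects": [{"ref": "pkg:pypi/sshlib@2.1.0"}]}
  ]
}'''
# Stand-in for an exploited-in-the-wild feed such as CISA KEV (constructed).
KNOWN_EXPLOITED = {"EXAMPLE-0003"}
COPYLEFT_PREFIXES = ("GPL-", "LGPL-", "AGPL-", "MPL-", "EPL-", "CDDL-", "EUPL-")
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

def load_sbom(text=SBOM_JSON):
    return json.loads(text)

def dependency_depth(sbom):
    """Map bom-ref -> 'direct' | 'transitive' | 'unreferenced' by breadth-first
    walk from metadata.component, so the first visit is the shortest path."""
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    depth, queue = {}, deque((ref, 1) for ref in graph.get(root, []))
    while queue:
        ref, hops = queue.popleft()
        if ref in depth:  # already reached by a shorter path (also breaks cycles)
            continue
        depth[ref] = "direct" if hops == 1 else "transitive"
        queue.extend((child, hops + 1) for child in graph.get(ref, []))
    for comp in sbom.get("components", []):  # listed but never reached from root
        depth.setdefault(comp["bom-ref"], "unreferenced")
    return depth

def licence_ids(component):
    """Flatten CycloneDX 'licenses' to SPDX ids; expressions are split on
    AND/OR/WITH so every alternative is inspected, not just the first."""
    ids = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            tokens = entry["expression"].replace("(", " ").replace(")", " ").split()
            ids += [t for t in tokens if t.upper() not in ("AND", "OR", "WITH")]
        elif "license" in entry:
            ids.append(entry["license"].get("id") or entry["license"].get("name", "UNKNOWN"))
    return ids

def copyleft_alerts(sbom):
    """(name, version, licence) for each component carrying a copyleft licence."""
    return [(c["name"], c["version"], lic)
            for c in sbom.get("components", [])
            for lic in licence_ids(c) if lic.upper().startswith(COPYLEFT_PREFIXES)]

def prioritise(sbom, known_exploited):
    """Rank findings: known-exploited first, then severity, then direct before
    transitive (a direct dependency is the one you can bump yourself)."""
    depth = dependency_depth(sbom)
    rows = []
    for vuln in sbom.get("vulnerabilities", []):
        severity = max((r.get("severity", "unknown") for r in vuln.get("ratings", [])),
                       key=lambda s: SEVERITY_RANK.get(s, 0), default="unknown")
        for target in vuln.get("affects", []):
            rows.append({"id": vuln["id"], "ref": target["ref"], "severity": severity,
                         "depth": depth.get(target["ref"], "unreferenced"),
                         "exploited": vuln["id"] in known_exploited})
    rows.sort(key=lambda r: (not r["exploited"], -SEVERITY_RANK.get(r["severity"], 0),
                             r["depth"] != "direct"))
    return rows

if __name__ == "__main__":
    bom = load_sbom()
    for name, version, lic in copyleft_alerts(bom):
        print(f"COPYLEFT  {name}=={version}  {lic}")
    for r in prioritise(bom, KNOWN_EXPLOITED):
        tag = "FIX NOW" if r["exploited"] else "TRACK  "
        print(f"{tag}  {r['id']}  {r['severity']:<8} {r['depth']:<10} {r['ref']}")
```

Run it as a script and the medium-severity finding on the transitive sshlib package lands at the top of the list because it is in the exploited feed, ahead of the critical finding with no known exploit; pdfgen is flagged for copyleft even though its expression offers an MIT alternative, which is the choice a reviewer, not a scanner, should make. Points a practitioner would extend: feed in the real SBOM file path instead of SBOM_JSON, pull the exploited set from KEV or an EPSS threshold, and treat "unreferenced" components as a signal that the SBOM's dependency graph is incomplete.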

ISO 27001 A.12.1.2 · ISO 27001 A.14.2.4 · SOC 2 CC8.1+

Turn SBOMs into audit-ready evidence

What is in your product maps cleanly to your audit checklist. No spreadsheets.

Simple pricing

First 5 repositories free. Predictable per-repo pricing as you scale.

  • ✔ Live SBOMs with CycloneDX and SPDX
  • ✔ Exploit-aware vulnerability checks
  • ✔ Licence tracking and alerts
  • ✔ Vendor monitoring

Create your account

We will send you a secure link to get started.

Book a live demo

See Trace-AI in action with your questions answered.

Email us

Get a launch reminder

We launch on Product Hunt on 22 September. Be first to try new features and early adopter perks.