2026-05-21
SBOM scanning with three-state verdicts beats AFFECTED/NOT_AFFECTED
check_affected.py takes a CycloneDX SBOM and answers 'am I affected at version X?' with AFFECTED / NOT_AFFECTED / UNKNOWN — and shows you the interval that decided each verdict.
sbomvulnerabilitycyclonedxpackage-scanneruniversgoldenmatch