About CycloneDX VEX and OSV SBOM Triage - Exploitability Status Checker

Paste CycloneDX SBOM, VEX or OSV JSON and group vulnerabilities by affected status, missing evidence and remediation priority.

This site is maintained as a public, no-login helper for CycloneDX VEX, OSV, and SBOM triage. It focuses on practical preflight checks, readable remediation notes, and repeatable review steps that can be used before a deployment or account review.

The tool is independent and is not affiliated with Google, Cloudflare, GitHub, OpenAI, or any project, standard body, vendor, or platform mentioned in the interface unless the page explicitly states otherwise.

What the tool is for

Use it to organize public configuration, pasted snippets, metadata, logs, reports, or policy text into a clearer checklist. The output is intended to help you find obvious mistakes faster and prepare a cleaner handoff for a human reviewer.

What it does not replace

It does not replace official product documentation, legal advice, security approval, compliance sign-off, or an authenticated vendor dashboard. Always verify critical changes against the original source system before relying on the result.

Advertising and content quality

Pages on this site are written to include useful publisher content and policy context, not only a blank application shell. Ads should not be shown on empty, error-only, login-only, or navigation-only screens.