This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
Product upvotes vs the next 3
Waiting for data. Loading
Product comments vs the next 3
Waiting for data. Loading
Product upvote speed vs the next 3
Waiting for data. Loading
Product upvotes and comments
Waiting for data. Loading
Product vs the next 3
Loading
SBOMix
The SBOM tool that also inventories your AI and agents
SBOMix scans any repo and produces CycloneDX, SPDX, and an AI-BOM in seconds. No standard SBOM tool surfaces your AI stack or the agents in it. SBOMix does: models, API providers, and the MCP servers your agents can call, each with its authority scope. Free CLI, optional dashboard.
Hi Product Hunt 👋 I'm David, the maker.
I've spent 25 years in infrastructure and security (CCIE #14019). Every SBOM tool I ran did the same thing: list your dependencies, hand you a JSON file, and treat compliance as your problem from there. None of them saw the part I actually worried about, the AI models and the agents now wired into production.
So I built SBOMix. Point it at any repo:
npx sbomix .
In a couple of seconds you get CycloneDX 1.6, SPDX 2.3, and an AI-BOM. The AI-BOM is the part I care about most: it inventories your models, your API providers, and every MCP server an agent can reach, each with its authority scope (shell access, broad filesystem, unpinned source) and a Least Agency Score. sbomix ai-bom . gives you that as a plain-language report.
Two more things it does that a normal scanner won't:
sbomix cra-check maps your repo to EU Cyber Resilience Act requirements, quoted verbatim, and is honest about what a scan can prove versus what a human still has to. It never fakes a green pass and never assigns your product a compliance class.
sbomix --profile crypto-agent answers "what's in the agent holding our keys" for teams shipping autonomous agents.
The CLI is MIT licensed and free forever. No account, no Docker, no agent to install. There's an optional hosted dashboard if you want org-wide tracking and alerts.
I'd genuinely love feedback, especially on the AI-BOM output. Run it on your messiest repo and tell me what it missed. I'll be here all day.
About SBOMix on Product Hunt
“The SBOM tool that also inventories your AI and agents”
SBOMix was submitted on Product Hunt and earned 3 upvotes and 2 comments, placing #136 on the daily leaderboard. SBOMix scans any repo and produces CycloneDX, SPDX, and an AI-BOM in seconds. No standard SBOM tool surfaces your AI stack or the agents in it. SBOMix does: models, API providers, and the MCP servers your agents can call, each with its authority scope. Free CLI, optional dashboard.
On the analytics side, SBOMix competes within Developer Tools, GitHub and Security — topics that collectively have 559.5k followers on Product Hunt. The dashboard above tracks how SBOMix performed against the three products that launched closest to it on the same day.
Who hunted SBOMix?
SBOMix was hunted by David C. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
For a complete overview of SBOMix including community comment highlights and product details, visit the product overview.