PulseGatePost-LLM software, agents & workflows market (since 2022)
Coverage
168,821

Apps indexed

 

Freshness
10 min ago

Last update

 

Cadence
1,518/day

7-day average

Indexed today: 1,104

PulseGate

Market catalog for public software products, models, infra, and workflow tools.

Software is shipping faster than ever, and a growing share of it lives outside the official app stores. PulseGate is a free public catalog — built for builders, analysts, and everyday users.

Platform

  • All Apps
  • Categories
  • Industry Updates
  • Data Sources
  • Coverage Rules
  • Glossary
  • Embed Widget

Support

  • Help Center
  • Submit a Project
  • Report an Issue

Company

  • About
  • Press & Data
  • Contact
  • Platform Status

Legal

  • Privacy
  • Terms
  • Disclaimer

© 2026 PulseGate. Operated by Dymaxio s.r.o., Prague, Czech Republic.·

All systems operational
PulseGate
BOBomly logo
Bomly
Visit ↗
  1. Home/
  2. CLI tools & terminal/
  3. Bomly
←Back to results
BBomly logo

Bomly

bomly.dev·Infrastructure

Bomly is an open-source command-line tool designed to provide dependency intelligence for modern software projects. It addresses the challenges of understanding, auditing, and managing software dependencies by scanning projects, software bills of materials (SBOMs), and container images. Bomly explains the origin of each dependency and surfaces relevant vulnerability and license data on demand, helping developers and teams take dependencies seriously.

The tool supports scanning source trees, container images (including OCI and Docker), Git references (such as branches, tags, or commits), and existing SBOMs in SPDX or CycloneDX formats. Bomly can generate SBOMs for any project by reading manifests, lock files, container layers, or existing SBOMs, and annotates each package with information such as its source, license, and known vulnerabilities. It features native parsers for major ecosystems including Go, npm, pnpm, yarn, Maven, Gradle, Python (pip, Pipenv, Poetry, uv), Ruby, PHP, NuGet, and Cargo, with Syft integration to support additional ecosystems. The tool resolves transitive dependencies and tags them by scope, such as runtime or development/test.

Bomly offers three primary commands—scan, explain, and diff—providing consistent results across all supported input types. Its interactive mode opens a text user interface (TUI) for manual exploration of the dependency graph, allowing users to search for packages, trace their introduction paths, and navigate findings without generating disk reports. 6. date, with no outbound calls unless explicitly requested. 0, enabling vulnerability findings to appear natively in platforms like GitHub, GitLab, and Azure DevOps, and provides stable exit codes for scripting.

The platform is extensible via plugins, with detectors, matchers, and auditors communicating over a gRPC contract. Bomly is delivered as a single binary, requiring no hosting, and can be run locally, in CI environments, or as an MCP tool for AI agents such as Claude and Cursor. Every CLI flag is available to agents, and results are returned in structured JSON. 0, is free to use, and does not include telemetry.

Open SourceApache-2.0
CLISelf-hosted
B
Bomly preview
Visit bomly.dev↗
⭐9
stars
✓5
features
📅2026
since

Overview

5 features

In the CLI tools & terminal space, Bomly takes a focused approach. Understanding, auditing, and explaining software dependencies and vulnerabilities in projects. It is built as an open-source project for software developers. Bomly is open source under the Apache-2.0 license. It runs on the command line, and it can be self-hosted.

Behind Bomly is Open Source Maintainers, and the product first shipped in 2026. Development happens publicly on GitHub with 281 commits in the last 90 days. PulseGate's similarity index finds few close equivalents — Bomly occupies a relatively distinct niche. Key capabilities include dependency scanning, SBOM analysis, and vulnerability audit. It exposes integrations via an MCP server.

  • ✓Dependency scanning
  • ✓SBOM analysis
  • ✓Vulnerability audit
  • ✓License detection
  • ✓Interactive TUI

Tags

sbom-analysisdependency-auditlicense-compliance

AI capabilities

Weights: Open

Built with & integrations

Framework
nextjs
Hosting
gcp
Connectors
MCP
Runs on
CLISelf-hosted

Trust & compliance

LicenseApache-2.0
Verified signals
✓ HTTPS✓ Privacy Policy✓ Open Source✓ Free tier✓ GitHub · ★ 9✓ Active maintenance
Legal
Privacy Policy →

Recent events

Latest indexed changes and source events

  1. IndexedJul 8, 10:44 AM

    Why Is This Dependency Here? discovered by the PulseGate indexer

    Source: PulseGate indexerOpen ↗

Frequently asked questions about Bomly

What does Bomly do?
Understanding, auditing, and explaining software dependencies and vulnerabilities in projects. It is catalogued under CLI tools & terminal on PulseGate.
Who is Bomly for?
Bomly is an open-source project built for software developers.
Is Bomly free?
Yes — Bomly is open source under the Apache-2.0 license and free to use.
What platforms does Bomly run on?
Bomly runs on the command line. It can also be self-hosted.
Is Bomly still maintained?
PulseGate's automated liveness checks currently classify Bomly as active. The GitHub repository shows 281 commits in the last 90 days.
What are alternatives to Bomly?
Similar tools tracked by PulseGate include sbom-sentinel, sbomify-action, and aisbom-cli.sbom-sentinelsbomify-actionaisbom-cli
Who makes Bomly?
Bomly is developed by Open Source Maintainers.
When did Bomly launch?
Bomly first shipped in 2026.

At a glance

Pricing
Open Source
Platforms
Cli
Languages
English
Open source
Yes · ★ 9
License
Apache-2.0
First seen
Jul 8, 2026
Activity
🟢 Active
Status
🟢 Active
Built for
software developers
Model
Open source
Solves
Understanding, auditing, and explaining software dependencies and vulnerabilities in projects.

Developer

Open Source Maintainers
Small team
↗ GitHub

Open source

View on GitHub →
⭐ Stars
9
🍴 Forks
0
Open issues
5
Last commit
5d ago
Commits 90d
281
Contributors
4
Authorship
Small team
Default branch
main
Latest release
v0.16.2 · 6d ago

PulseGate index

Confidence
High · 96
Indexed
Jul 8, 2026
Lifecycle
Alive
Activity
Active
First seen
Jul 2026
Last seen
5d ago
Freshness
Unknown
Identity audit (9)
Entity ID
cmrbyaqi200qjjqxtzicuwxwa
Slug
why-is-this-dependency-here-bomly-dev
Verification state
Indexed for public listing
Claim / listing state
Unclaimed · listed: yes
Index status
Included in index
Latest evidence snapshot
Jul 8, 2026
Timeline basis
Indexed-at chronology (no inferred launch/funding milestones).
Last updated
Jul 12, 2026
Canonical URL
https://bomly.dev/

Similar apps

Other apps tracked under the same category.

  • sbom-sentinel
    github.com
  • sbomify-action
    sbomify.com
  • aisbom-cli
    aisbom.io
  • Interlynk
    sbombenchmark.dev
  • vulnledger
    pypi.org
  • Westbayberry
    westbayberry.com