Frequently Asked Questions
Everything you need to know about VulnLedger.
What is an SBOM and why do I need one?
A Software Bill of Materials (SBOM) is a complete inventory of all components in your software. It's required by EU CRA, US Executive Order 14028, and FDA regulations. VulnLedger generates SBOMs automatically and cross-references every component against vulnerability databases.
Is VulnLedger really free?
The CLI tool is fully open source and free forever under AGPL-3.0. The cloud dashboard is free for up to 3 projects and 5 scans/day. Pro, Team, and Enterprise plans add unlimited projects, monitoring, alerts, and team features.
How is VulnLedger different from Snyk?
VulnLedger is more affordable (Team plan $29 vs Snyk's $228 for 10 users), open source, and includes compliance reports in the Enterprise tier. We focus on being the easiest SBOM tool to set up and use, while Snyk is a broader (and more expensive) security platform.
What package ecosystems do you support?
We support pip (Python), npm (Node.js), Go modules, Maven (Java), Cargo (Rust), NuGet (.NET), RubyGems, Composer (PHP), and more. The full list is in our documentation.
Can I run VulnLedger in CI/CD?
Yes. We have native integrations for GitHub Actions, GitLab CI, and Jenkins, and the CLI can be run in any CI/CD pipeline. The Pro plan includes policy enforcement (fail builds on critical vulns).
Where is my data stored?
Cloud (SaaS) data is stored in encrypted databases. On-premises deployments store everything on your infrastructure. We also support air-gapped deployments for classified environments.
Can I export compliance reports?
Yes. The CLI generates CycloneDX SBOMs. The Pro/Team dashboard generates PDF reports mapped to EU CRA, EO 14028, and FDA requirements. Download reports with one click.
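To make concrete what "cross-referencing every component against vulnerability databases" (the SBOM answer above), "fail builds on critical vulns" (the CI/CD answer) and a CycloneDX SBOM (this answer) look like in practice, here is a small added example. It is illustration written for this page, not VulnLedger's CLI or any of its code: it parses a constructed CycloneDX 1.5 JSON document, matches each component's package URL (purl) against a constructed advisory list with placeholder IDs (not real CVEs), and returns the exit code a pipeline gate would use. The version comparison is a simplified numeric one and the advisory format is invented for the example; real feeds use richer affected-range semantics.

```python
"""Cross-reference a CycloneDX SBOM against an advisory list and apply a
build policy. Added illustration for this FAQ, not VulnLedger's code.
All SBOM contents and advisories below are constructed."""
import json
import sys
from dataclasses import dataclass

# Constructed CycloneDX 1.5 JSON SBOM (hand-written, not tool output).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "requests", "version": "2.25.1",
     "purl": "pkg:pypi/requests@2.25.1"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"},
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}
  ]
}
"""

# Constructed advisory feed with placeholder IDs (not real CVEs). A component
# is affected when introduced <= version < fixed (half-open range).
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "purl_prefix": "pkg:pypi/requests",
     "introduced": "2.0.0", "fixed": "2.31.0", "severity": "medium"},
    {"id": "ADV-EXAMPLE-0002",
     "purl_prefix": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0.0", "fixed": "2.17.1", "severity": "critical"},
    {"id": "ADV-EXAMPLE-0003", "purl_prefix": "pkg:npm/lodash",
     "introduced": "0.0.0", "fixed": "4.17.21", "severity": "high"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    component: str
    version: str
    advisory_id: str
    severity: str


def parse_version(text):
    """Simplified version parser: keep the leading digits of each dot-separated
    part so tuples compare numerically (2.25.1 < 2.31.0)."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def split_purl(purl):
    """Split 'pkg:type/namespace/name@version?qualifiers' into (name-part, version).
    rpartition on '@' keeps scoped npm names like pkg:npm/@scope/name intact."""
    name, _, version = purl.rpartition("@")
    return name, version.split("?", 1)[0]


def cross_reference(sbom_json, advisories):
    """Return a Finding for every (component, advisory) pair whose version
    falls inside the advisory's affected range."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # components without a purl cannot be matched reliably
        name, version = split_purl(purl)
        ver = parse_version(version)
        for adv in advisories:
            if adv["purl_prefix"] != name:
                continue
            if parse_version(adv["introduced"]) <= ver < parse_version(adv["fixed"]):
                findings.append(Finding(name, version, adv["id"], adv["severity"]))
    return findings


def policy_exit_code(findings, fail_on="critical"):
    """Build gate: non-zero when any finding is at or above the threshold."""
    threshold = SEVERITY_RANK[fail_on]
    blocking = [f for f in findings if SEVERITY_RANK[f.severity] >= threshold]
    return 1 if blocking else 0


if __name__ == "__main__":
    results = cross_reference(SBOM_JSON, ADVISORIES)
    for f in results:
        print(f"{f.severity.upper():8} {f.component}@{f.version} -> {f.advisory_id}")
    sys.exit(policy_exit_code(results, fail_on="critical"))
```

With the constructed data, requests 2.25.1 and log4j-core 2.14.1 are flagged while lodash 4.17.21 is not, because 4.17.21 equals the fixed version and the range is half-open; the critical log4j-core finding makes the script exit 1, which is what fails a CI job.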
How do I upgrade or downgrade my plan?
Upgrade instantly from the Pricing page. If you downgrade, you'll retain access to Pro features until the end of your billing period.
Do you offer academic or open-source discounts?
Yes. Contact us at [email protected] for academic pricing and free open-source project licenses.
What happens to my data if I cancel?
You retain access to your data for 30 days after cancellation. During this period you can export everything. After 30 days, data is securely deleted.
Still have questions? Email us