There are new versions of all our products. Download them using the URL you received in the registration email. The major improvements are added support for the new Delphi 13.1 update and a new Security Report.
SBOM, or Software Bill of Materials, is a standard way to document the software components, dependencies, vulnerabilities, patents, licenses, etc. associated with a particular product. It helps software companies and individual developers identify risks such as outdated components, licensing conflicts, or vulnerabilities.
As stated in this Wikipedia article: “A software bill of materials (SBOM) declares the inventory of components used to build a software artifact, including any open source and proprietary software components. It is the software analogue to the traditional manufacturing BOM, which is used as part of supply chain management.”
The ability to create an SBOM is becoming increasingly important. In some cases, authorities may require an SBOM. You may also be asked by your customers to provide an SBOM for your products. There are also new EU regulations concerning security issues and SBOM.
The goal of this report section is to create an SBOM file in JSON format according to the CycloneDX specification, currently at version 1.7, released in October 2025. CycloneDX is supported by the OWASP organization (a non-profit foundation focused on software security). Another SBOM standard is SPDX (Software Package Data Exchange). We especially recommend reading the CycloneDX guide.
In this first implementation of SBOM in Pascal Analyzer, we have marked the report section as “experimental”. This means that we especially encourage feedback, criticism, comments and suggestions.
It is a new feature in Pascal Analyzer and will evolve. Expect modifications, additions and improvements. If you already find it useful, go ahead and use it. Otherwise, you can help us by pointing out areas to improve. Perhaps you will find the resulting JSON file usable, but you may have to merge it with other settings produced manually or with other tools.
The SBOM is primarily an inventory of all artifacts in your project, such as first-party files and third-party libraries. Another important objective is to document dependencies between different components. While Pascal Analyzer knows a lot about your own files, you may have to provide information about your third-party libraries and about other items that you want included in the SBOM, such as vulnerabilities, licenses, and patents. Many third-party libraries are automatically recognized.
It is also possible to generate an SBOM in the evaluation version. In contrast to the full version, however, many values written to the JSON output will be randomly replaced with "???".
Read more about creating an SBOM in the online help.
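Before a generated SBOM is merged with other data or handed to a customer, it is worth checking that the inventory and the dependency graph agree and that no evaluation placeholders remain. The following is an added example, not Pascal Analyzer code or output: the sample document is constructed, the keys are standard CycloneDX JSON keys, and `review_sbom` is a hypothetical helper name.

```python
import json

# Constructed sample SBOM (not real Pascal Analyzer output); the field names
# are standard CycloneDX JSON keys, the component names are made up.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.7",
  "version": 1,
  "metadata": {"component": {"type": "application", "bom-ref": "app",
                             "name": "DemoApp", "version": "1.0.0"}},
  "components": [
    {"type": "library", "bom-ref": "lib-a", "name": "LibA", "version": "2.3.1"},
    {"type": "library", "bom-ref": "lib-b", "name": "LibB", "version": "???"},
    {"type": "file", "bom-ref": "unit-main", "name": "???"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["lib-a", "lib-b", "unit-main"]},
    {"ref": "lib-a", "dependsOn": ["lib-c"]}
  ]
}
""")

PLACEHOLDER = "???"  # value the evaluation version writes in place of real data

def review_sbom(bom):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if bom.get("bomFormat") != "CycloneDX":
        findings.append("bomFormat is not CycloneDX")
    # The inventory is the root component plus everything under "components".
    root = bom.get("metadata", {}).get("component")
    components = ([root] if root else []) + bom.get("components", [])
    refs = {c["bom-ref"] for c in components if "bom-ref" in c}
    for comp in components:
        label = comp.get("bom-ref", comp.get("name", "<unnamed>"))
        for key in ("name", "version"):
            if comp.get(key) == PLACEHOLDER:
                findings.append(f"{label}: {key} is an evaluation placeholder")
    # Every edge in the dependency graph must point at a declared component.
    for dep in bom.get("dependencies", []):
        for target in [dep.get("ref")] + dep.get("dependsOn", []):
            if target not in refs:
                findings.append(f"dependency references unknown bom-ref {target}")
    return findings

if __name__ == "__main__":
    for line in review_sbom(SAMPLE_SBOM):
        print(line)
```

A dependency edge that points at an undeclared `bom-ref` usually means a third-party library was not recognized automatically and still has to be added to the inventory by hand.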
See these changelogs for more information:
Changelog for Pascal Analyzer 9.20.0
Changelog for Pascal Browser 3.5.41
Changelog for Pascal Expert 9.20.0