Local-first tool for developers and compliance managers to convert SBOMs (SPDX / CycloneDX) into structured NOTICE files.
- Runs entirely in your browser — no uploads, no servers.
- GDPR-friendly by design (suitable for EU/DE companies).
- Drag & drop your SBOM JSON, validate it, and generate a NOTICE skeleton.
- Edit gaps via a built-in Form Builder with progress tracking.
- Save drafts locally, reopen anytime, download final NOTICE.
GitHub Pages: https://trustsource.github.io/sbom2notice/
- Next.js 15 (App Router)
- React 19
- Tailwind CSS 4
- shadcn/ui 4
- i18next
- Local-first persistence (localStorage)
- Vitest + Playwright for testing
Clone the repo and install dependencies:

```bash
git clone https://github.com/TrustSource/sbom2notice.git
cd sbom2notice
pnpm install
```

Run in development mode:

```bash
pnpm dev
```

Build for production:

```bash
pnpm build && pnpm start
```

The app will be available at http://localhost:3000
- Open the app in your browser.
- Upload or drag & drop an SBOM file (.json).
- The app validates the file and converts it into a NOTICE skeleton.
- Navigate to /notice to view all saved files.
- Open any NOTICE to:
  - Review or edit fields.
  - Track completion.
  - Export the final NOTICE as JSON, CSV, or Markdown.
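
The validate-and-convert step can be pictured with the following added example, which is not sbom2notice's own code. It detects CycloneDX or SPDX 2.x JSON from the standard top-level fields, extracts name, version, license and copyright, and marks the gaps a reviewer still has to fill; the output field names (`component`, `missing`, `progress`) and the function names are assumptions made for illustration.

```javascript
// Added example, not sbom2notice code. Output field names are assumptions.
const EMPTY = new Set(["", "NOASSERTION", "NONE"]); // SPDX "no information" literals
const clean = (v) => (typeof v === "string" && !EMPTY.has(v.trim()) ? v.trim() : null);
// Identify the SBOM flavour from its top-level marker fields.
function detectFormat(doc) {
  if (doc && doc.bomFormat === "CycloneDX" && Array.isArray(doc.components)) return "cyclonedx";
  if (doc && typeof doc.spdxVersion === "string" && Array.isArray(doc.packages)) return "spdx";
  throw new Error("Not a CycloneDX or SPDX JSON SBOM");
}

// CycloneDX licenses[] entries are either {license: {id | name}} or {expression}.
function cdxLicense(c) {
  const found = (c.licenses || [])
    .map((l) => clean(l.expression) || clean(l.license && (l.license.id || l.license.name)))
    .filter(Boolean);
  return found.length ? found.join(", ") : null;
}

function toNoticeSkeleton(jsonText) {
  const doc = JSON.parse(jsonText); // throws SyntaxError on malformed JSON
  const format = detectFormat(doc);
  const rows = format === "cyclonedx"
    ? doc.components.map((c) => ({
        component: clean(c.name), version: clean(c.version),
        license: cdxLicense(c), copyright: clean(c.copyright),
      }))
    : doc.packages.map((p) => ({
        component: clean(p.name), version: clean(p.versionInfo),
        license: clean(p.licenseConcluded) || clean(p.licenseDeclared),
        copyright: clean(p.copyrightText),
      }));
  // Record which fields still need a human, plus overall completion in percent.
  const entries = rows.map((r) => ({ ...r, missing: Object.keys(r).filter((k) => r[k] === null) }));
  const total = entries.length * 4;
  const gaps = entries.reduce((n, e) => n + e.missing.length, 0);
  return { format, entries, progress: total ? Math.round(((total - gaps) / total) * 100) : 0 };
}

// Constructed sample inputs (not taken from a real project).
const SAMPLE_SPDX = JSON.stringify({ spdxVersion: "SPDX-2.3", packages: [
  { name: "example-lib", versionInfo: "1.3.0", licenseConcluded: "NOASSERTION",
    licenseDeclared: "MIT", copyrightText: "NOASSERTION" },
  { name: "example-core", versionInfo: "2.0.1", licenseConcluded: "Apache-2.0",
    copyrightText: "Copyright 2024 Example Authors" } ] });
const SAMPLE_CDX = JSON.stringify({ bomFormat: "CycloneDX", specVersion: "1.5", components: [
  { name: "example-ui", version: "2.0.0", licenses: [{ license: { id: "MIT" } }] },
  { name: "example-io", licenses: [{ expression: "Apache-2.0 OR MIT" }],
    copyright: "Copyright 2024 Example Authors" } ] });
console.log(toNoticeSkeleton(SAMPLE_SPDX), toNoticeSkeleton(SAMPLE_CDX));
```

Treating `NOASSERTION` and `NONE` as gaps rather than as license text keeps placeholder values out of the exported NOTICE.
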
The project ships with two test suites, both grouped under tests/:

```
tests/
├── unit/   # Vitest — pure logic (validators, conversion, progress, storage)
└── e2e/    # Playwright — full browser flows (upload, edit, export, navigation)
```

Run them with:

```bash
pnpm test            # unit tests (Vitest)
pnpm test:watch      # unit tests in watch mode
pnpm test:coverage   # unit tests with v8 coverage report
pnpm e2e             # end-to-end tests (Playwright, headless Chromium)
pnpm e2e:ui          # Playwright UI mode for interactive debugging
pnpm e2e:report      # open the last HTML report
```

The Playwright config auto-starts pnpm dev on port 3100; no manual server needed.

Contributions, issues, and feature requests are welcome! Open an issue or submit a pull request.