Overview

Projects are the central organizing unit in boring.tools. Each project represents a software component — a service, application, or library — and holds all associated SBOMs, vulnerability data, and linked Git repositories.

Create a project

  1. Navigate to Projects in the sidebar
  2. Click New project
  3. Enter a name for your project
  4. Click Create

You’ll land on the project detail page immediately.

Project dashboard

The project dashboard is the first thing you see when you open a project. It gives you an at-a-glance security overview:

Vulnerability summary bar

Six tiles across the top show the current vulnerability counts broken down by severity:

| Tile | Meaning |
| --- | --- |
| Critical | CVEs with CVSS score typically ≥ 9.0 |
| High | CVEs with CVSS score typically 7.0–8.9 |
| Medium | CVEs with CVSS score typically 4.0–6.9 |
| Low | CVEs with CVSS score typically < 4.0 |
| Unknown | CVEs without a CVSS score |
| Total | Sum of all the above |

These counts reflect the latest scanned SBOM for the project.

Vulnerability trend chart

Below the summary bar, a trend chart shows how vulnerability counts have changed over time across scans. This is useful for tracking whether each release is reducing the vulnerability count or introducing new issues.

SBOM list

The SBOMs tab lists all SBOMs associated with this project, sorted by date. Each entry shows:

  • SBOM name and version
  • Format (e.g. CycloneDX 1.6)
  • Upload/generation date
  • Scan status (pending, scanning, completed, failed)
  • Vulnerability summary (Critical/High/Medium/Low counts)

Click any SBOM to open its detail view.

Upload an SBOM manually

  1. Open the project and click Upload SBOM
  2. Select a CycloneDX (JSON or XML) or SPDX (JSON) file from your filesystem
  3. Click Upload

The SBOM is immediately queued for vulnerability scanning. Scanning progress is shown inline and updates in real time.
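A local pre-upload check for the formats accepted in step 2, as an added example that is not boring.tools code: it identifies a file from its own markers (`bomFormat`/`specVersion` for CycloneDX JSON, `spdxVersion` for SPDX JSON, the root namespace for CycloneDX XML) and rejects anything else. The function name and sample documents are constructed for illustration, and the check does not reproduce the service's own validation.

```python
import json
import xml.etree.ElementTree as ET

CDX_XML_NS = "http://cyclonedx.org/schema/bom/"  # CycloneDX XML namespace prefix

def detect_sbom_format(data: bytes) -> str:
    """Name the SBOM format of `data`, or raise ValueError if it is not
    CycloneDX (JSON or XML) or SPDX (JSON)."""
    text = data.decode("utf-8-sig").lstrip()  # tolerate a BOM; bad bytes raise ValueError
    if text.startswith("{"):
        try:
            doc = json.loads(text)
        except json.JSONDecodeError as exc:
            raise ValueError(f"not valid JSON: {exc}") from exc
        if doc.get("bomFormat") == "CycloneDX":
            return f"CycloneDX {doc.get('specVersion', 'unknown')} (JSON)"
        if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
            return f"{doc['spdxVersion']} (JSON)"
        raise ValueError("JSON document is neither CycloneDX nor SPDX")
    if text.startswith("<"):
        # An SBOM needs no DTD; refusing one avoids entity-expansion tricks.
        if "<!DOCTYPE" in text or "<!ENTITY" in text:
            raise ValueError("XML with DOCTYPE/ENTITY declarations refused")
        try:
            root = ET.fromstring(text)
        except ET.ParseError as exc:
            raise ValueError(f"not well-formed XML: {exc}") from exc
        ns, _, local = root.tag.lstrip("{").partition("}")
        if local == "bom" and ns.startswith(CDX_XML_NS):
            return f"CycloneDX {ns[len(CDX_XML_NS):]} (XML)"
        raise ValueError("XML is not a CycloneDX BOM")
    raise ValueError("not JSON or XML (for example SPDX tag-value)")

# Constructed sample documents, trimmed to the fields the check reads.
SAMPLES = {
    "cdx.json": b'{"bomFormat": "CycloneDX", "specVersion": "1.6", "components": []}',
    "spdx.json": b'{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT"}',
    "cdx.xml": b'<?xml version="1.0" encoding="UTF-8"?>'
               b'<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"/>',
    "spdx.spdx": b"SPDXVersion: SPDX-2.3\nDataLicense: CC0-1.0\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        try:
            print(f"{name}: {detect_sbom_format(blob)}")
        except ValueError as exc:
            print(f"{name}: rejected ({exc})")
```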

Automate SBOM generation

For continuous scanning, connect a Git repository to the project. boring.tools polls for new commits and generates an SBOM automatically on every change. See Git Integration for setup.

Linked repositories

The Linked Repositories tab shows all Git repositories connected to this project. For each repository you can see:

  • Repository name and owner
  • Currently configured scan branch (with an inline dropdown to change it)
  • A Run now button to trigger a manual scan immediately

Changing the scan branch

Click the branch dropdown next to any linked repository and select a different branch. The change is saved immediately and applies from the next scan; no save button is required.

Triggering a manual scan

Click Run now next to a repository. A dialog opens where you can select which branch to scan. The latest commit on that branch will be used. Click Generate to start.

Note: The repository must be linked to a project before “Run now” is available. If you see an error saying the repository is not linked, go to Integrations and link it first.

Delete a project

Go to the project and navigate to Settings. Click Delete project and confirm. This permanently removes the project and all associated SBOMs.

Deleting a project cannot be undone.

Last updated: May 28, 2025