reonbritto/sbom-analyzer — reverse-engineered prompt


Build me a web app for analyzing SBOM files so I can upload a CycloneDX or SPDX JSON file and quickly see which components are actually risky. I want a simple sign in flow, plus a demo button that loads a sample SBOM so the app is easy to try right away.

After upload, show every affected package and CVE, then help me prioritize with exploit probability, whether it is being actively exploited, CVE and CWE details, likely attacker techniques, package reputation, and a clear overall risk score. It should also flag suspicious typo or supply chain style packages, suggest the single best version upgrade that fixes the most issues, and point out missing NTIA minimum elements in the SBOM itself.

Make the results easy to scan and useful for decision making, with clear warnings for severe items and practical fix suggestions. I also want report exports in JSON, CycloneDX VEX, and printable HTML. Please make it run locally with Docker Compose, and feel free to check current docs online if you need to.
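One of the checks the prompt asks for, the NTIA minimum-elements audit of the SBOM itself, worked out for a CycloneDX JSON document. This is an added example in Python, not code from the sbom-analyzer repository; the sample SBOM is constructed, and the mapping of NTIA elements onto CycloneDX fields (metadata.authors/timestamp, supplier.name, purl/cpe/swid, top-level dependencies) is my reading of the spec.

```python
import json

# Constructed CycloneDX 1.5 document for this example (not from the project).
# It deliberately omits authors, one component's version and supplier, and
# the dependencies array, so the check below has something to report.
SAMPLE_CYCLONEDX = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"timestamp": "2024-01-01T00:00:00Z"},
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20",
         "supplier": {"name": "lodash maintainers"}},
        {"type": "library", "name": "minimist",
         "purl": "pkg:npm/minimist"},
    ],
})


def check_ntia_minimum_elements(sbom_json: str) -> dict:
    """Return {ntia_element: [where it is missing]} for a CycloneDX JSON SBOM.

    NTIA minimum elements: supplier name, component name, version, other
    unique identifiers, dependency relationship, author of SBOM data, timestamp.
    """
    bom = json.loads(sbom_json)
    meta = bom.get("metadata") or {}
    missing: dict = {}

    # Document-level elements. Accepting metadata.tools as "author of SBOM
    # data" is a lenient mapping (assumption); strict readers want authors.
    if not (meta.get("authors") or meta.get("tools")):
        missing["author_of_sbom_data"] = ["metadata.authors is empty"]
    if not meta.get("timestamp"):
        missing["timestamp"] = ["metadata.timestamp is missing"]

    # Component-level elements, reported per component by name.
    for idx, comp in enumerate(bom.get("components") or []):
        label = comp.get("name") or f"components[{idx}]"
        if not comp.get("name"):
            missing.setdefault("component_name", []).append(label)
        if not comp.get("version"):
            missing.setdefault("version", []).append(label)
        if not (comp.get("supplier") or {}).get("name"):
            missing.setdefault("supplier_name", []).append(label)
        if not (comp.get("purl") or comp.get("cpe") or comp.get("swid")):
            missing.setdefault("unique_identifiers", []).append(label)

    # CycloneDX records dependency relationships in the top-level array.
    if not bom.get("dependencies"):
        missing["dependency_relationship"] = ["dependencies array missing or empty"]
    return missing
```

The same element list applies to SPDX, but the field names differ (creationInfo, packages[].supplier, externalRefs, relationships), so an SPDX document needs its own mapping rather than this one.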