RRepoGEO

REPOGEO REPORT · LITE

devops-kung-fu/bomber

Default branch main · commit 6a7f05aa · scanned 6/4/2026, 8:56:19 AM

GitHub: 615 stars · 54 forks

AI VISIBILITY SCORE
33 /100
Critical
Category recall
0 / 2
Not recommended in any query
Rule findings
2 pass · 0 warn · 0 fail
Objective metadata checks
AI knows your name
2 / 3
Direct prompts that named your repo
HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface devops-kung-fu/bomber, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION
  • highreadme#1
    Explicitly clarify `bomber`'s purpose as an SBOM scanner in the README's opening

    Why:

    CURRENT
    `bomber` is an application that scans SBOMs for security vulnerabilities.
    COPY-PASTE FIX
    `bomber` is a dedicated security application designed to scan Software Bill of Materials (SBOMs) for security vulnerabilities and license information. Unlike tools for load testing or performance benchmarking, `bomber` focuses exclusively on identifying risks within your software supply chain.
  • mediumabout#2
    Expand the repository's 'About' description for clarity

    Why:

    CURRENT
    Scans Software Bill of Materials (SBOMs) for security vulnerabilities
    COPY-PASTE FIX
    A dedicated security tool for DevOps and SecOps teams to scan Software Bill of Materials (SBOMs) (CycloneDX, SPDX, Syft) for security vulnerabilities and license compliance, enhancing supply chain security.
  • mediumreadme#3
    Add a 'Comparison' section to the README

    Why:

    COPY-PASTE FIX
    ## Comparison to other SBOM scanners

(Add a section here comparing `bomber` to tools like OWASP Dependency-Track, Snyk, Black Duck, Fossa, and Anchore Enterprise, highlighting `bomber`'s specific strengths, e.g., ease of use, specific focus, or integration points.)

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

Same questions for every model — switch tabs to compare answers and rankings.

Recall
0 / 2
0% of queries surface devops-kung-fu/bomber
Avg rank
Lower is better. #1 = top recommendation.
Share of voice
0%
Of all named tools, what % are you?
Top rival
OWASP Dependency-Track
Recommended in 2 of 2 queries
COMPETITOR LEADERBOARD
  1. OWASP Dependency-Track · recommended 2×
  2. Snyk · recommended 2×
  3. Black Duck by Synopsys · recommended 2×
  4. Fossa · recommended 2×
  5. Anchore Enterprise · recommended 2×
  • CATEGORY QUERY
    What tools help identify security vulnerabilities within a software bill of materials document?
    you: not recommended
    AI recommended (in order):
    1. OWASP Dependency-Track
    2. Snyk
    3. Black Duck by Synopsys
    4. Fossa
    5. Trivy
    6. Anchore Enterprise
    7. Syft
    8. Grype
    9. Mend.io

    AI recommended 9 alternatives but never named devops-kung-fu/bomber. This is the gap to close.

    Show full AI answer
  • CATEGORY QUERY
    Looking for a service to scan CycloneDX and SPDX SBOMs for component risks.
    you: not recommended
    AI recommended (in order):
    1. Snyk
    2. Mend.io
    3. Black Duck by Synopsys
    4. Fossa
    5. Anchore Enterprise
    6. OWASP Dependency-Track

    AI recommended 6 alternatives but never named devops-kung-fu/bomber. This is the gap to close.

    Show full AI answer

Objective checks

Rule-based audits of metadata signals AI engines weight most.

  • Metadata completeness
    pass

  • README presence
    pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

  • Compared to common alternatives in this category, what is the core differentiator of devops-kung-fu/bomber?
    pass
    AI named devops-kung-fu/bomber explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • If a team adopts devops-kung-fu/bomber in production, what risks or prerequisites should they evaluate first?
    pass
    AI named devops-kung-fu/bomber explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • In one sentence, what problem does the repo devops-kung-fu/bomber solve, and who is the primary audience?
    pass
    AI did not name devops-kung-fu/bomber — likely talking about a different project

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

Embed your GEO score

Drop this badge into the README of devops-kung-fu/bomber. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

RepoGEO badge previewLive preview
MARKDOWN (README)
[![RepoGEO](https://repogeo.com/badge/devops-kung-fu/bomber.svg)](https://repogeo.com/en/r/devops-kung-fu/bomber)
HTML
<a href="https://repogeo.com/en/r/devops-kung-fu/bomber"><img src="https://repogeo.com/badge/devops-kung-fu/bomber.svg" alt="RepoGEO" /></a>
Pro

Subscribe to Pro for deep diagnoses

devops-kung-fu/bomber — Lite scans stay free; this card itemizes Pro deep limits vs Lite.

  • Deep reports10 / month
  • Brand-free category queries5 vs 2 in Lite
  • Prioritized action items8 vs 3 in Lite