Create SBOM manually

If you haven't created or uploaded any SBOMs yet, select Add dependency from the Add SBOM drop-down button in the Software Bill of Materials (Products) page. If you have created at least one SBOM, this button will change to Manage SBOMs.

Create product and version

If you haven't created any products or product versions yet, you can do so here. Simply specify the product name and version you want to associate this new dependency component with. If you've already added products and versions, they'll be available in the product and version drop-downs.

Provide dependency component details

When creating new dependency components, you’ll need to provide at least the dependency name and version. It is highly recommended that you also include the supplier, so that our system can automatically match to the correct software. You can also provide a PURL or CPE string, if you have that information. While matching your software to known software in the NVD and package managers, if Helm identifies the correct CPE/PURL information for any of your dependency components, we will automatically add this information for you.

Once you’ve created one or more dependency components, Helm will attempt to match them to the NVD and supported package managers. Once you see a Match status for the component, refer to the appropriate section.

• Resolve a Matched status with NOT IN NVD token and a package manager token

• Resolve a Multiple matches status

• Resolve a Not found status