# Convert your SBOM from CSV to CycloneDX

{% hint style="success" %}
**Skip the conversion tools and scripts!** You can now [import CSV and Excel SBOMs](/get-started/upload-your-first-sbom.md#upload-a-csv-or-excel-sbom) directly to Helm.
{% endhint %}

### **Upload a CSV or Excel SBOM**

{% hint style="warning" %}
**This feature is in beta.** Let us know your feedback and what we can do to enhance this experience!
{% endhint %}

You can upload CSV and Excel files directly to Helm and have them automatically converted to a CycloneDX SBOM. This eliminates the need for [manual conversion tools or scripts](/get-started/dont-have-an-sbom/convert-your-sbom-from-csv-to-cyclonedx.md).

1. Click the **Upload SBOM** button. &#x20;
2. In the modal that displays, specify a product name and version.
3. In the **SBOM type** drop-down, select **Document**.
4. Select or drag and drop a file in the **SBOM file** field.
5. Click **Generate CycloneDX SBOM**.
6. Preview your data before uploading. Review the component information to ensure everything looks correct and catch any formatting issues.
7. Click **Upload** to convert and import your SBOM.
8. Once imported, your SBOM will be ready for vulnerability analysis and remediation, and can be exported in [CycloneDX, SPDX, or CSV format](/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports.md), plus our [expert-crafted FDA SBOM](/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports/meet-fda-requirements-with-your-fda-sbom-report.md). You can also export [VEX and VDR reports](/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports/vex-and-vdr-reports.md).

### Use an open-source tool

The one that we’ve used is [CycloneDX-CLI](https://github.com/CycloneDX/cyclonedx-cli). You will have to install and run this locally, so if this is outside your realm of expertise, [contact us](mailto:support@medcrypt.com) so we can get your SBOM converted.

1. Install CycloneDX-CLI.
2. Add these metadata columns shown in this [example file](https://github.com/CycloneDX/cyclonedx-cli/blob/main/example.csv) into your CSV file: Supplier, Type, Name, Version. You may already have these columns. They are required in order for Helm to be able to successfully identify matches for your components.
3. Add the metadata field to your CSV file. See the [CycloneDX dependency graph use case](https://cyclonedx.org/use-cases/#dependency-graph) for more information.&#x20;
4. Run the tool, using the “--output-format json” option. This will output the file as a JSON file format. For example, from your directory (ours is ./bin/linux-x64/cyclonedx), you would enter the following in the command line (in our example, we used source\_sbom\_cyclonedx.csv as our source CSV file, then destination\_sbom\_cyclonedx.json as the output JSON file that we were creating from the CSV file): convert --input-file source\_sbom\_cyclonedx.csv -–output-format json > destination\_sbom\_cyclonedx.json

### Write a custom script

You can write a custom script in Python or your favorite language to convert the file from CSV to CycloneDX JSON.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://helm.docs.medcrypt.com/get-started/dont-have-an-sbom/convert-your-sbom-from-csv-to-cyclonedx.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.