Upload your first SBOM
Ready to upload your first SBOM or not sure what an SBOM is? We've got you covered! We support both CycloneDX and SPDX SBOM formats.
1. If you don’t have an SBOM added yet, click Add SBOM > Upload SBOM.
What versions and file sizes are supported?
Versions: We support CycloneDX 1.4 and SPDX 2.2 and 2.3 versions.
- Your SBOM file size must be 5MB or less.
- If you are using a .zip or .tar.gz (gzip) file generated from Yocto on Linux, your file size limit is 50MB.
Where did my Add SBOM button go?
If you've already uploaded an SBOM, this button changes to Manage SBOM, providing you with additional actions. You can also check your SBOM file upload status from here.
2. In the modal that displays, click the Choose file button to upload your SBOM file, then click Upload SBOM.
3. Specify the product name and version, then click Upload SBOM.
Not ready to add your SBOM yet? No worries!
You can create each of your products and their respective versions, then add your SBOM at any time.
1. In the Select product drop-down, select the Create product option, specify the product name, then Save. You’ll now see your new product selected. You’ll now need to add a version to upload an SBOM to.
2. In the Select version drop-down, select the Create version option, specify the version, then Save. Click the Add SBOM drop-down button, then select the Upload SBOM option.
4. Once you’ve uploaded your SBOM, all of the dependency components contained in that product display on the page. We’re already starting to match, drawing data from the NVD, including Package URLs (PURLs) for the Cargo, NPM, Nuget, or Pypi package managers, CPE strings, dependency component names, and alias matches.
How does matching work?
If you have dependency components where our system is unable to find an exact match in the NVD, consult the appropriate section:
You can check the status of your SBOM file upload via the Manage SBOMs drop-down button > View file upload status. If you haven't uploaded other SBOMs, this button may still be Add SBOM. In the status modal, click the icon next to the failed status to get more information. If you need help, contact us.
To check the status of your SBOM file, click the Manage SBOMs drop-down button > View file upload status. If you haven't uploaded other SBOMs, this button may still be Add SBOM. If you have a Failed status, click the icon next to the failed status to get more information. Some possible reasons a file could fail to upload are invalid JSON, another unexpected file structure, or missing required fields. If you need help figuring out what went wrong, that's what we're here for -- send your SBOM to us for help!
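A pre-upload check for the size limits, supported versions, and failure causes described above, as an added example (not the product's own validation code). It assumes JSON-encoded SBOMs, reads "MB" as 1024 × 1024 bytes, and takes the required top-level fields from the CycloneDX and SPDX specifications; `preflight` and its messages are hypothetical names.

```python
import json

# Limits from the page; reading "MB" as 1024 * 1024 bytes is an assumption.
MAX_BYTES = 5 * 1024 * 1024
MAX_ARCHIVE_BYTES = 50 * 1024 * 1024  # Yocto .zip / .tar.gz uploads
SUPPORTED = {"CycloneDX": {"1.4"}, "SPDX": {"2.2", "2.3"}}
# Top-level fields the format specifications require (assumption: the
# service's own list of required fields may differ).
REQUIRED = {
    "CycloneDX": ("bomFormat", "specVersion", "version"),
    "SPDX": ("spdxVersion", "SPDXID", "name", "dataLicense",
             "documentNamespace", "creationInfo"),
}


def preflight(filename, data):
    """Return a list of problems with an SBOM upload; an empty list means OK."""
    if filename.endswith((".zip", ".tar.gz")):
        # Only the size limit is checked for archives, not their contents.
        return ["archive exceeds 50MB"] if len(data) > MAX_ARCHIVE_BYTES else []
    problems = ["file exceeds 5MB"] if len(data) > MAX_BYTES else []
    try:
        doc = json.loads(data.decode("utf-8"))
    except (ValueError, RecursionError) as exc:  # bad UTF-8, bad JSON, deep nesting
        return problems + [f"invalid JSON: {exc}"]
    if not isinstance(doc, dict):
        return problems + ["unexpected structure: top level is not an object"]
    if "bomFormat" in doc:
        fmt, version = "CycloneDX", str(doc.get("specVersion", ""))
        if doc["bomFormat"] != "CycloneDX":
            problems.append("unexpected structure: bomFormat is not 'CycloneDX'")
    elif "spdxVersion" in doc:
        # SPDX writes its version as, for example, "SPDX-2.3".
        fmt, version = "SPDX", str(doc["spdxVersion"]).removeprefix("SPDX-")
    else:
        return problems + ["unexpected structure: no bomFormat or spdxVersion"]
    if version not in SUPPORTED[fmt]:
        problems.append(f"unsupported {fmt} version: {version or 'missing'}")
    problems += [f"missing required field: {k}" for k in REQUIRED[fmt] if k not in doc]
    return problems


if __name__ == "__main__":
    # Constructed sample: an SPDX 2.1 document with most required fields absent.
    sample = b'{"spdxVersion": "SPDX-2.1", "SPDXID": "SPDXRef-DOCUMENT", "name": "demo"}'
    for problem in preflight("demo.spdx.json", sample):
        print(problem)
```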
If you have another format (e.g., Word, CSV), contact us so we can convert it for you. We’re in the process of adding more complete support for all of the data in your CycloneDX-format SBOM, as well as adding support for the SPDX SBOM format.
Don’t worry – we’ve got you covered! We can provide expert assessment, guidance, and design of anything from building cybersecurity and continuous improvement into your product development lifecycle to your Public Key Infrastructure cryptography to FDA letters and most anything in between.