Comment on page
Export your SBOM
When downloading (exporting) your SBOM to share with others or for auditing purposes, you can either export your original SBOM or your enhanced SBOM (with matches our system made automatically or that your team created aliases for). You can also choose to include vulnerabilities and any associated CPE or PURL information in your export.
Field | Description |
|---|---|
Export as file name | This is the filename that will be generated with your exported data. |
Date | This is today’s date and cannot be modified. |
Export details | You can choose to export your enhanced SBOM which includes all matches or you can export your original SBOM. |
Export as file type | You can export your chosen SBOM configuration into either a CycloneDX JSON file or into a CSV file. If you are exporting vulnerabilities with your SBOM, you can only export this as a CycloneDX JSON file. |
Include vulnerabilities | Check this box to export all of the vulnerabilities associated with this SBOM. This will include the source name (currently always the NVD), a link to the vulnerability, both its v2 and v3 CVSS scores and vector strings, when the vulnerability was first detected, when it was updated, and more. |
Include CPE and PURL match info | Check this box to export all vulnerabilities. If a vulnerability has been exactly matched to a CPE or PURL in a package manager, or you have manually specified the CPE or PURL info, this enhanced information will be exported for those vulnerabilities. |
IMPORTANT: If you want to include all matches made by users on your account, you’ll need to make sure to create aliases for each of your dependencies that have a Matched status with a User token. To do so, click Resolve on the dependency component, then select create an alias in the modal that displays.