Export your SBOM

You can use this export function, or you can take advantage of our new, more enhanced SBOM and vulnerability reports, as well as the only FDA expert-crafted SBOM that ensures you meet FDA SBOM requirements!

When downloading (exporting) your SBOM to share with others or for auditing purposes, you can either export your original SBOM or your enhanced SBOM (with matches our system made automatically or that your team matched). You can also choose to include vulnerabilities and any associated CPE or PURL information in your export.

Field	Description
Export as file name	This is the filename that will be generated with your exported data.
Date	This is today’s date and cannot be modified.
Export details	You can choose to export your enhanced SBOM which includes all matches or you can export your original SBOM.
Export as file type	You can export your chosen SBOM configuration into the following formats: either a CycloneDX JSON file, a SPDX JSON or XML file, or a CSV file. If you are exporting an enhanced version of your SBOM (including CPE/PURL and/or vulnerabilities), you can export this CycloneDX or SPDX JSON file.
Include vulnerabilities	Check this box to export all of the vulnerabilities associated with this SBOM. This will include the source name (currently always the NVD), a link to the vulnerability, both its v2 and v3 CVSS scores and vector strings, when the vulnerability was first detected, when it was updated, and more.
Include CPE and PURL match info	Check this box to export all CPE/PURL data. If a dependency component has been exactly matched to a CPE or PURL in a package manager, or you have manually specified the CPE or PURL info, this enhanced information will be exported for those dependency components.

Field

Description

Export as file name

This is the filename that will be generated with your exported data.

Date

This is today’s date and cannot be modified.

Export details

You can choose to export your enhanced SBOM which includes all matches or you can export your original SBOM.

Export as file type

You can export your chosen SBOM configuration into the following formats:

either a CycloneDX JSON file, a SPDX JSON or XML file, or a CSV file. If you are exporting an enhanced version of your SBOM (including CPE/PURL and/or vulnerabilities), you can export this CycloneDX or SPDX JSON file.

Include vulnerabilities

Check this box to export all of the vulnerabilities associated with this SBOM. This will include the source name (currently always the NVD), a link to the vulnerability, both its v2 and v3 CVSS scores and vector strings, when the vulnerability was first detected, when it was updated, and more.

Include CPE and PURL match info

Check this box to export all CPE/PURL data. If a dependency component has been exactly matched to a CPE or PURL in a package manager, or you have manually specified the CPE or PURL info, this enhanced information will be exported for those dependency components.

IMPORTANT: If you want to include all matches made by users on your account, you’ll need to make sure to create aliases for each of your dependencies that have a Matched status with a User token. To do so, click Resolve on the dependency component, then select create an alias in the modal that displays.

PreviousFind out what products contain a particular dependency component NextDashboard (home)

Last updated 28 days ago