Create, edit, or aggregate SBOMs

You can add dependency components to an existing SBOM or you can create an SBOM from scratch by adding each dependency manually.

| Drop-down option | Description |
| --- | --- |
| Name | Specify the software, firmware, or operating system (e.g., Windows, OpenSSL). This field is required. |
| Version | Specify the version for your dependency name (e.g., 10.1 for Windows). This field is required. |
| Supplier | Specify the supplier for your dependency. This is the organization that supplied the dependency component. The supplier is often the manufacturer, but may also be a distributor or repackager (e.g., Microsoft for Windows). |
| PURL | Specify the PURL (package URL) (e.g., scheme:type/namespace/name@version?qualifiers#subpath) |
| CPE | Specify the CPE (e.g., cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other) |

Create dependency components manually

  1. If you're just starting your SBOM, click the Add SBOM drop-down button > Add dependency component. This will display the Add dependency component modal. Note that if you've already created or uploaded any SBOMs, this button will change to Manage SBOM and will have additional options, including checking file status.

  2. Specify the information you have for your dependency component, then save. Helm will analyze your dependency component for matches in supported package managers and the NVD, so this will take a few seconds. If you don't see your dependency component displayed, try refreshing your browser.

Edit dependency component

  1. On the dependency component you want to edit, click Actions ... > Edit. This will display the Edit dependency component modal.

  2. Make the appropriate changes, then save. Helm will again analyze your dependency component for matches in supported package managers and the NVD, so this will take a few seconds. If you don't see your updated dependency component displayed, try refreshing your browser.

Aggregate another SBOM into your existing SBOM

To combine SBOMs from various systems into one SBOM, upload another SBOM to Helm. Helm automatically merges that SBOM into your existing one, de-duplicating any dependency components that appear on both SBOMs.
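The page does not describe how Helm decides that two components are the same, so the following is an added example, not Helm's code. It shows one way to check a merge offline before uploading. The matching rule (equal PURLs, otherwise equal name and version), the function names, and the sample components are assumptions.

```python
OPTIONAL = ("supplier", "purl", "cpe")  # optional fields on the form above

def clean(comp):
    """Copy a component; lowercase 'pkg:type', which is case-insensitive in PURL."""
    comp = dict(comp)
    if comp.get("purl"):
        head, sep, tail = comp["purl"].strip().partition("/")
        comp["purl"] = head.lower() + sep + tail
    return comp

def same_component(a, b):
    """Assumed rule: equal PURLs when both have one, else equal name+version."""
    if a.get("purl") and b.get("purl"):
        return a["purl"] == b["purl"]
    return (a["name"].lower(), a["version"]) == (b["name"].lower(), b["version"])

def merge_sboms(existing, incoming):
    """Return (merged components, conflicts) without modifying the inputs."""
    merged = [clean(c) for c in existing]
    conflicts = []
    for comp in map(clean, incoming):
        match = next((m for m in merged if same_component(m, comp)), None)
        if match is None:
            merged.append(comp)
            continue
        for field in OPTIONAL:
            new, old = comp.get(field), match.get(field)
            if new and not old:
                match[field] = new  # fill a gap from the other SBOM
            elif new and old and new != old:
                conflicts.append((match["name"], field, old, new))  # needs review
    return merged, conflicts

# Constructed sample data, not taken from any real SBOM.
EXISTING = [
    {"name": "OpenSSL", "version": "3.0.8"},
    {"name": "Windows", "version": "10.1", "supplier": "Microsoft"},
]
INCOMING = [
    {"name": "openssl", "version": "3.0.8",
     "purl": "pkg:Generic/openssl@3.0.8",
     "cpe": "cpe:2.3:a:openssl:openssl:3.0.8:*:*:*:*:*:*:*"},
    {"name": "Windows", "version": "10.1", "supplier": "Microsoft Corporation"},
    {"name": "zlib", "version": "1.2.13"},
]

if __name__ == "__main__":
    components, conflicts = merge_sboms(EXISTING, INCOMING)
    print(len(components), "components;", "conflicts:", conflicts)
```

Falling back to name and version can merge unrelated packages that share a name across ecosystems, so conflicts and PURL-less matches are worth reviewing by hand.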

© Copyright MedCrypt 2023, All rights reserved.