Create, edit, or merge SBOMs

You can add dependency components to an existing SBOM or you can create an SBOM from scratch by adding each one manually. You can also merge SBOMs to combine all dependency components for multiple systems into one.

Create dependency components manually

  1. If you're just starting your SBOM, click the Add SBOM drop-down button > Add dependency component. This will display the Add dependency component modal. Note that if you've already created or uploaded any SBOMs, this button will change to Manage SBOM and will have additional options, including checking file status.

  2. In the panel that displays, specify the product and version in the first section. If you haven't created any products or product versions yet, click the create button in this drop-down. If you've already added products and versions, select the appropriate ones.

  3. In the next section, provide any information you have for your dependency component. The only required field is the name, so if you don't have information (e.g., version), you can always add this later. However, Helm will need the version to attempt to accurately identify the matching known software.

  4. Click Add dependency component. Helm will analyze your dependency component for matches in supported package managers and the NVD, so this will take a few seconds. If you've provided a PURL or CPE, Helm will analyze our package managers and other data sources to ensure that you have the correct string. If not, Helm will automatically fix this for you. If you don't see your dependency component display, try refreshing your browser.

Edit dependency component

  1. On the dependency component you want to edit, click Actions ... > Manage dependency component.

  2. In the panel that displays, make any necessary changes, then click Save changes. This will automatically reload your dependency component, which will no longer retain any review information you've already added for this dependency component. If you don't see your updated dependency component display, make sure Auto-refresh is on or click Refresh to manually update the page.

Merge another SBOM into your existing SBOM

To combine SBOMs from various systems into one SBOM, you can simply upload another SBOM to Helm. This will automatically merge that SBOM into your existing one, de-duping any dependency components that are on both SBOMs.
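
As an added illustration (not MedCrypt's code, and not a description of how Helm matches components internally), the sketch below merges two CycloneDX-style component lists and treats entries as duplicates when they share a PURL, a CPE, or a name plus version. The sample SBOMs, the matching rule, and the function names are assumptions constructed for this example.

```python
# Constructed sample SBOMs using CycloneDX component fields (name, version, purl, cpe).
SBOM_A = {"bomFormat": "CycloneDX", "components": [
    {"name": "openssl", "version": "3.0.13", "purl": "pkg:generic/openssl@3.0.13"},
    {"name": "zlib", "version": "1.3.1"},
    {"name": "vendor-rtos"},  # name only: allowed, but hard to match to known software
]}
SBOM_B = {"bomFormat": "CycloneDX", "components": [
    {"name": "OpenSSL", "version": "3.0.13", "purl": "pkg:generic/openssl@3.0.13",
     "cpe": "cpe:2.3:a:openssl:openssl:3.0.13:*:*:*:*:*:*:*"},
    {"name": "zlib", "version": "1.3.1",
     "cpe": "cpe:2.3:a:zlib:zlib:1.3.1:*:*:*:*:*:*:*"},
    {"name": "busybox", "version": "1.36.1"},
    {"name": "vendor-rtos"},
]}


def identity_keys(component):
    """Every key under which this component may be recognised as a duplicate."""
    name = component["name"].strip().casefold()
    keys = [(f, component[f].strip()) for f in ("purl", "cpe") if component.get(f)]
    if component.get("version"):
        keys.append(("name+version", name, component["version"].strip()))
    # Without purl, cpe, or version, only another name-only entry can match.
    return keys or [("name-only", name)]


def merge_sboms(base, incoming):
    """Merge incoming into base, de-duplicating components present in both."""
    merged, index = [], {}
    for component in base.get("components", []) + incoming.get("components", []):
        match = next((index[k] for k in identity_keys(component) if k in index), None)
        if match is None:
            match = dict(component)
            merged.append(match)
        else:
            for field, value in component.items():
                match.setdefault(field, value)  # fill gaps, never overwrite
        for key in identity_keys(match):
            index.setdefault(key, match)
    return {**base, "components": merged}


def missing_version(sbom):
    """Names of components that still need a version added."""
    return [c["name"] for c in sbom["components"] if not c.get("version")]
```

Running `merge_sboms(SBOM_A, SBOM_B)` yields four components, with the CPEs from the second SBOM filled into the existing `openssl` and `zlib` entries, and `missing_version` lists `vendor-rtos` as still lacking the version needed for matching.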

© Copyright MedCrypt 2024, All rights reserved.