SBOM Bill of Material View

The Bill of Materials view summarizes the components and their risk found in the SBOM, focusing on annotating the vulnerabilities with VEX audit details.

Example of the SBOM Manager Bill of Materials view for a given version of an application. The top of the view summarizes the components found; the lower portion lists the components and their associated risk.

Actions

  • Use the Version Switcher dropdown to navigate to other application versions.

  • Use the Export SBOM dropdown to download the annotated SBOM. Options under the dropdown include:

    • Export Original SBOM - download the original unmodified SBOM.

    • Additional Export Options - choose between CycloneDX or SPDX in either JSON or XML file formats.

    • Export PDF - save a PDF report of the policy violations including a list of vulnerabilities, licenses, and components.

  • Select a component from the list to view the component's details view.

Example of exporting a PDF in SBOM Manager. The example report includes a summary of violations for the Webwolf application.

Summary

The dependency relationship of each reported component. See Software Dependencies: A beginner's guide to learn more.

  • Direct - the explicit dependencies that a software component defines and employs.

  • Transitive - dependencies indirectly used by a software component brought into your application as dependencies for other components.

  • Unspecified - when the component's dependency information was not declared in the SBOM.

  • Vulnerabilities Summary - the total number of known vulnerabilities for the components in the SBOM.

  • The percentage of vulnerabilities annotated with exploitability information indicates how complete the VEX annotation of the known vulnerabilities is.
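The summary figures described above (direct, transitive and unspecified counts, plus VEX annotation coverage) can be reproduced from a CycloneDX JSON export. The script below is an added example, not SBOM Manager's own code: it walks the `dependencies` graph from the `metadata.component` root and counts how many entries in `vulnerabilities` carry an `analysis.state`. The sample SBOM and its vulnerability IDs are constructed, and the classification rule (a component reachable only through other components is transitive; one not reachable from the root at all is unspecified) is this example's assumption about how the view derives those categories.

```python
"""Classify components and measure VEX coverage in a CycloneDX JSON SBOM."""
import json
from collections import deque

# Constructed sample CycloneDX 1.5 document; the component names and
# vulnerability IDs are placeholders, not a real SBOM.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "name": "webapp", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "lib-a", "name": "lib-a", "version": "2.1.0"},
        {"bom-ref": "lib-b", "name": "lib-b", "version": "0.9.3"},
        {"bom-ref": "lib-c", "name": "lib-c", "version": "4.0.0"},
        {"bom-ref": "lib-d", "name": "lib-d", "version": "1.2.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-a", "lib-b"]},
        {"ref": "lib-a", "dependsOn": ["lib-c"]},
        {"ref": "lib-b", "dependsOn": []},
        # lib-d has no dependency entry at all -> "unspecified"
    ],
    "vulnerabilities": [
        {"id": "VULN-0001", "affects": [{"ref": "lib-c"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        {"id": "VULN-0002", "affects": [{"ref": "lib-a"}],
         "analysis": {"state": "exploitable"}},
        {"id": "VULN-0003", "affects": [{"ref": "lib-d"}]},          # no VEX analysis
        {"id": "VULN-0004", "affects": [{"ref": "lib-b"}], "analysis": {}},  # empty analysis
    ],
})


def classify_dependencies(sbom: dict) -> dict:
    """Map each component bom-ref to 'direct', 'transitive' or 'unspecified'."""
    root = sbom["metadata"]["component"]["bom-ref"]
    edges = {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}
    direct = set(edges.get(root, []))

    # Breadth-first walk from the direct dependencies; the visited set makes
    # the walk safe on graphs with cycles.
    reachable = set()
    queue = deque(direct)
    while queue:
        ref = queue.popleft()
        if ref in reachable:
            continue
        reachable.add(ref)
        queue.extend(edges.get(ref, []))

    result = {}
    for comp in sbom.get("components", []):
        ref = comp["bom-ref"]
        if ref in direct:
            result[ref] = "direct"
        elif ref in reachable:
            result[ref] = "transitive"
        else:
            result[ref] = "unspecified"
    return result


def summarize_vulnerabilities(sbom: dict) -> dict:
    """Count vulnerabilities and how many carry a VEX analysis state."""
    vulns = sbom.get("vulnerabilities", [])
    annotated = [v for v in vulns if v.get("analysis", {}).get("state")]
    total = len(vulns)
    percent = round(100.0 * len(annotated) / total, 1) if total else 0.0
    by_state = {}
    for v in annotated:
        state = v["analysis"]["state"]
        by_state[state] = by_state.get(state, 0) + 1
    return {"total": total, "annotated": len(annotated),
            "annotated_percent": percent, "by_state": by_state}


def summarize_sbom(sbom_json: str) -> dict:
    """Produce the Bill of Materials style summary from CycloneDX JSON text."""
    sbom = json.loads(sbom_json)
    deps = classify_dependencies(sbom)
    counts = {"direct": 0, "transitive": 0, "unspecified": 0}
    for kind in deps.values():
        counts[kind] += 1
    return {"dependencies": deps, "dependency_counts": counts,
            "vulnerabilities": summarize_vulnerabilities(sbom)}


if __name__ == "__main__":
    print(json.dumps(summarize_sbom(SAMPLE_SBOM), indent=2))
```

On the constructed sample this reports two direct, one transitive and one unspecified component, and a VEX coverage of 50% because only two of the four vulnerabilities carry an `analysis.state`. An empty `analysis` object counts as unannotated, which is the case an "Export Original SBOM" versus annotated export comparison will usually surface.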