SBOM Manager Release Notes

Import Binary Files through the SBOM Manager User Interface - You can now easily import binary files directly through the SBOM Manager user interface, expanding your ability to analyze and understand your software components. This streamlined import process allows you to quickly generate SBOMs for your binaries, identify similar components, and gain deeper insights into your software supply chain. For details, see the SBOM Manager help documentation.

Merge Multiple SBOMs - SBOM Manager now allows you to easily aggregate SBOMs from various sources, such as microservices within a single application, into a comprehensive, unified view. Import a .zip or .tar archive containing multiple SBOMs and SBOM Manager will generate a single, consolidated SBOM with duplicates removed. For details, see the Importing SBOMs help documentation.

Generate PDF of Bill of Materials Report from SBOM Manager - SBOM Manager now allows you to export a Bill of Materials report as a PDF document, providing a convenient and shareable format for your SBOM data. This new export option includes policy violation and vulnerability details and is accessible directly from the Bill of Materials view. See the Bill of Materials View help documentation for full details.

Improved Messaging to Support User Awareness of Imported SBOM Interpretation - SBOM Manager now provides clearer feedback when uploading invalid SBOM files. If an uploaded file fails validation but can still be processed as a binary, SBOM Manager provides a more informative message indicating the issue. This helps avoid confusion and ensures you have the necessary information to correct any syntax errors.

Updates to CycloneDX Property Names - This release updates property names in CycloneDX exports to align with Sonatype taxonomy standards and ensure consistency across both Lifecycle and SBOM Manager exports. These changes maintain backward compatibility, allowing seamless import and export functionality with both the old and new property names. See our help documentation for an updated list of Sonatype properties in SBOMs.

Standardize CycloneDX File Names - Lifecycle and SBOM Manager can now both ingest CycloneDX SBOMs with the standardized .cdx.xml and cdx.json file extensions. Additionally, exported SBOMs from SBOM Manager now also use the standardized .cdx.xml file extension. This change ensures consistency with industry best practices while maintaining support for existing *-bom.xml|json formats.

Improved Accuracy for Similar Matched Components - SBOM Manager now offers enhanced accuracy and consistency when managing CycloneDX SBOMs that contain components with similar matches. Similar matched components imported through a CycloneDX SBOM now retain their original designation and associated metadata, ensuring a consistent and reliable view of your component information throughout the SBOM lifecycle. This improvement strengthens your software supply chain security by providing a more accurate representation of your software's composition.

Software Bill of Materials that failed validation have a warning message indicating the failure

An optional argument is added to the SBOM Import API to set the version ID on the upload of SBOMs

SBOM Manager Search includes links to the specific version and vulnerability

Binary archives may be analyzed using SBOM Manager to generate a Bill of Materials

Exporting PDF reports has been added to the SBOM Bill of Materials

Bill of Material reports now support importing and displaying unknown components from binary archives

SBOM Manager has access to the Sonatype reference policies for reporting and notifications.

Copy VEX annotations from previous versions.

added support for Cyclone DX 1.6 format

Implemented the product switcher into the UI to support multiple Sonatype solutions