You can generate an SBOM for any file in your portal: submitted files (all users) and product files (Partner Supplier plan only).
A file that has an extensive tree structure — hundreds or thousands of subcomponents — can generate an SBOM that is extremely large and difficult to use, as it becomes a challenge to locate the information of interest to you.
An optional setting lets you exclude references to subcomponent files when generating your SBOM. When enabled, the resulting SBOM contains a condensed list of identified subcomponents, making it easier for you to analyze. This also significantly reduces the file size of the SBOM. References to subcomponent files aren't required to provide a full picture of the root package that you're generating the SBOM for.
- Use the Files menu in the sidebar to navigate to the Submitted Files page.
  Select Files > Product Files if you want to work with a product file. (Partner Supplier plan only)
- Locate the file you want to generate an SBOM for.
  You can select a root (top level) file or a subcomponent.
  Search Tip
  Use the filter and search features to display a set of files with specific attributes or help locate a particular file. See Filter and search for files for full instructions on using these features.
- Click a file name or the file's score to open the information window.
- Click the NTIA SBOMs tab.
  The tab displays the SBOMs previously generated for the selected file.
- Select the desired SBOM format from the list provided.
- Expand the NTIA SBOM Options menu to the right of the selected format and enable Exclude files. (optional)
- Click Generate SBOM.
  The new SBOM is added to the top of the list with a note indicating that it is being generated. The estimated time to complete the generation is displayed. Leaving this page does not stop or pause SBOM generation.
  When generation is complete, the Download and Delete buttons replace the countdown timer.
Important
Certain SBOM formats mandate licensing to Creative Commons (CC0). Before distributing any SBOM, it's important that you check the document license in the generated SBOM and establish non-disclosure agreements where appropriate.
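A pre-distribution check for the license note above, as an added example that is not part of the portal or its documentation: it reads a downloaded SBOM, reports the document-level license, and counts file entries against other components. It assumes the download is SPDX JSON or CycloneDX JSON (the page does not list the formats offered) and that file references appear as SPDX `files` entries or CycloneDX components of type `file`; the sample documents and function names are constructed for illustration.

```python
import json

# Constructed sample documents (not output from the portal).
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "dataLicense": "CC0-1.0",
    "packages": [{"name": "rootpkg"}, {"name": "libfoo"}],
    "files": [{"fileName": "./bin/app"}, {"fileName": "./lib/libfoo.so"}],
})
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"licenses": [{"license": {"name": "Proprietary"}}]},
    "components": [{"type": "library", "name": "libfoo"}],
})

def summarize_sbom(text):
    """Return format, document license(s), and component/file-entry counts."""
    doc = json.loads(text)
    if "spdxVersion" in doc:
        # SPDX 2.x carries the document license in the top-level dataLicense.
        licenses = [doc["dataLicense"]] if doc.get("dataLicense") else []
        components = len(doc.get("packages", []))
        files = len(doc.get("files", []))
        fmt = "SPDX"
    elif doc.get("bomFormat") == "CycloneDX":
        # CycloneDX carries it in metadata.licenses (id, name, or expression).
        licenses = []
        for choice in doc.get("metadata", {}).get("licenses", []):
            lic = choice.get("license", {})
            value = choice.get("expression") or lic.get("id") or lic.get("name")
            if value:
                licenses.append(value)
        top = doc.get("components", [])  # nested components are not traversed
        files = sum(1 for c in top if c.get("type") == "file")
        components = len(top) - files
        fmt = "CycloneDX"
    else:
        raise ValueError("not a recognized SPDX or CycloneDX JSON document")
    return {"format": fmt, "document_licenses": licenses,
            "components": components, "file_entries": files}

def distribution_warnings(summary):
    """List points to review before the SBOM leaves the organization."""
    out = []
    if not summary["document_licenses"]:
        out.append("no document license declared")
    if "CC0-1.0" in summary["document_licenses"]:
        out.append("document is CC0-1.0: review whether an NDA is needed")
    if summary["file_entries"]:
        out.append(f"{summary['file_entries']} file entries present")
    return out
```

To check a real download, pass the file's contents to `summarize_sbom` and review the result of `distribution_warnings` before sharing the document.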