Updated 2025-01-23 SBOM Central
Currently, there are four types of exportable reports in the SBOM Central report pages.
- SBOMs
- Delivery reports
- VEX reports
- Advisory reports
SBOM tab
The SBOM tab displays all SBOMs, including those uploaded manually, added via the REST API, or created directly within the WebApp UI. The SBOMs are stored in JSON format and can be downloaded.
Multiple copies of an SBOM may exist for various reasons. The content and the automated information retrieval processes in SBOM Central are identical for all copies, but the product represented by the SBOMs may be operated in different environments that require separate vulnerability analyses.
Vulnerability analysis in SBOM Central is separated by tags, which, if necessary, ensure a separate assessment for each individual SBOM. In that case, each SBOM should be assigned a unique set of tags.
Deliveries tab
The Deliveries tab lists all Delivery reports. In SBOM Central, a Delivery Report shall be created for the significant SBOMs that are crucial for purposes such as releases, deliveries, traceability, and historical records.
VEX tab
The VEX tab lists all VEX reports available in SBOM Central. Each VEX report is associated with a specific Delivery Report. New VEX reports can be generated at any time without affecting existing SBOMs or delivery reports.
Updates in vulnerability detection or analysis are often crucial reasons for generating a new VEX report.
Advisories tab
The Advisories tab displays all advisory reports generated in SBOM Central. Each advisory report is always linked to a corresponding VEX report. New advisories can be generated at any time.
When existing reports are modified, saving the changes creates a new version of the advisory report.