6.3.2
Australia, Zurich, Yokohama, Xanadu
Standalone Application
SBOM Core helps organizations maintain a searchable inventory of all the open-source components used in their environment.
- Upload SBOM files with an API or manually. This application supports XML and JSON formats for CycloneDX. JSON format is supported for SPDX.
- Search the inventory of files to identify your potential risk of exposure to a specific component.
Fixed:
- SPDX entity-to-component relationships restored — The SPDX parser previously created relationships only from the explicit relationships block, so SPDX BOMs that rely on the package list to imply dependencies showed almost no "Depends on" data on the BOM entity record (for example, ~171 dependencies instead of the expected ~2500). The parser now performs an additional pass that creates an entity-to-component relationship for every non-root package, matching the existing CycloneDX behavior.
- Vendor SBOM upload errors — Resolved errors raised during vendor SBOM uploads so SBOMs supplied by third parties can be ingested without manual intervention.
- VR BOM Entries deletion restored — The background-job configuration that drives VR BOM Entries deletion was packaged under a folder name that no longer matched the SBOM Sec Common plugin. The folder has been renamed so the background job is recognized again and BOM-entry deletion runs as expected.
- Localized failure messages — The CycloneDX parser's "failed components" message is now produced as complete translatable sentences with numbered parameters, so the message is fully translatable.
- Required roles: sn_sbom_core.sbom_ingest, sn_sbom_core.admin.
- Dependencies: At a minimum, the Data Model for SBOM application must also be installed to upload SBOMs.
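
The SPDX relationship gap described under "Fixed" can be checked on any SPDX JSON file before relying on its dependency counts. The following is an added example, not SBOM Core's parser code: it compares what the explicit relationships block declares with what a second pass over the package list yields. The field names are those of SPDX 2.x JSON; the function names and the sample document are constructed for illustration.

```python
import json

# Constructed SPDX 2.x JSON document (sample data, not from a real product).
SAMPLE_SPDX = json.loads("""
{
  "SPDXID": "SPDXRef-DOCUMENT",
  "documentDescribes": ["SPDXRef-app"],
  "packages": [
    {"SPDXID": "SPDXRef-app", "name": "app", "versionInfo": "1.0"},
    {"SPDXID": "SPDXRef-liba", "name": "liba", "versionInfo": "2.1"},
    {"SPDXID": "SPDXRef-libb", "name": "libb", "versionInfo": "0.9"},
    {"SPDXID": "SPDXRef-libc", "name": "libc", "versionInfo": "3.4"}
  ],
  "relationships": [
    {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-app"},
    {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-liba"}
  ]
}
""")

def root_ids(doc):
    """Packages the document describes (the BOM entity itself)."""
    roots = set(doc.get("documentDescribes", []))
    for rel in doc.get("relationships", []):
        if rel["relationshipType"] == "DESCRIBES":
            roots.add(rel["relatedSpdxElement"])
    return roots

def explicit_dependencies(doc):
    """Pass 1: only dependencies stated in the relationships block."""
    roots = root_ids(doc)
    deps = set()
    for rel in doc.get("relationships", []):
        src, dst, kind = rel["spdxElementId"], rel["relatedSpdxElement"], rel["relationshipType"]
        if kind == "DEPENDS_ON" and src in roots:
            deps.add(dst)
        elif kind == "DEPENDENCY_OF" and dst in roots:
            deps.add(src)
    return deps

def entity_components(doc):
    """Pass 1 plus pass 2: every non-root package becomes a component."""
    roots = root_ids(doc)
    implied = {p["SPDXID"] for p in doc.get("packages", []) if p["SPDXID"] not in roots}
    return explicit_dependencies(doc) | implied

def undeclared(doc):
    """Packages a relationships-only parser would leave out of the inventory."""
    return sorted(entity_components(doc) - explicit_dependencies(doc))
```

A large `undeclared` result means component searches against a relationships-only import would miss those packages, which is the under-reporting the fix addresses.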