SBOM

The SBOM tab of the application details section displays the application's software bill of materials. The SBOM provides you with a list of dependencies used by your application, along with:

  • The dependency version;
  • The dependency type;
  • The license type;
  • The total number of CVEs introduced by the dependency, along with the number of reachable CVEs and the number of exploitable CVEs;
  • When the dependency was first identified as present in your application.

If the dependency introduces CVEs, you can click on its name to see a list of all associated vulnerabilities.

[Image: Dashboard screen showing the information that populates the SBOM report]

Export the SBOM

You can export the SBOM generated by preZero in various standards and formats, including:

Standard    Version   Output types
CycloneDX   v1.2      XML and JSON
CycloneDX   v1.4      XML and JSON
SPDX        2.3       XML, JSON, tag values
VEX         0.2.0     JSON

To export the SBOM, click Export. Select the findings type and licenses you'd like included, then click Export Report to select the standard and format of your choice.
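Once an SBOM has been exported, the same per-dependency view the SBOM tab shows (version, type, license, CVE counts) can be rebuilt from the file itself, which is useful for feeding the export into a pipeline check or for auditing it independently of the dashboard. The script below is an added example, not preZero code, and it works on a CycloneDX 1.4 JSON document, one of the export formats listed above. The BOM embedded in it is constructed sample data: the component names, the `pkg:pypi/...` package URLs and the `CVE-0000-000N` identifiers are placeholders, not real packages or vulnerabilities. It assumes the export links each vulnerability to a component via `affects[].ref` matching the component's `bom-ref`, and it reads the optional `analysis.state` field to count entries marked `exploitable`; preZero's reachability data is not part of the CycloneDX core schema, so it is not modelled here.

```python
import json
from collections import defaultdict

# Constructed CycloneDX 1.4 document standing in for an exported SBOM.
# Component names, purls and CVE ids are placeholders, not real data.
SAMPLE_BOM = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "version": 1,
  "components": [
    {"type": "library", "name": "example-lib", "version": "1.2.3",
     "bom-ref": "pkg:pypi/example-lib@1.2.3",
     "purl": "pkg:pypi/example-lib@1.2.3",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "framework", "name": "example-framework", "version": "4.0.0",
     "bom-ref": "pkg:pypi/example-framework@4.0.0",
     "purl": "pkg:pypi/example-framework@4.0.0",
     "licenses": [{"license": {"name": "Proprietary"}}]},
    {"type": "library", "name": "clean-lib", "version": "0.9.1",
     "bom-ref": "pkg:pypi/clean-lib@0.9.1",
     "purl": "pkg:pypi/clean-lib@0.9.1"}
  ],
  "vulnerabilities": [
    {"id": "CVE-0000-0001",
     "affects": [{"ref": "pkg:pypi/example-lib@1.2.3"}],
     "analysis": {"state": "exploitable"}},
    {"id": "CVE-0000-0002",
     "affects": [{"ref": "pkg:pypi/example-lib@1.2.3"}],
     "analysis": {"state": "not_affected"}},
    {"id": "CVE-0000-0003",
     "affects": [{"ref": "pkg:pypi/example-framework@4.0.0"}]}
  ]
}
"""


def component_license(component):
    """Return the first license id or name declared on a component, else 'unknown'."""
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        if lic.get("id"):
            return lic["id"]
        if lic.get("name"):
            return lic["name"]
    return "unknown"


def summarize_bom(bom_json):
    """Build one row per component: name, version, type, license, CVE list and counts."""
    bom = json.loads(bom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")

    # Index vulnerabilities by the component reference they affect.
    # In CycloneDX, affects[].ref points at a component's bom-ref.
    vulns_by_ref = defaultdict(list)
    for vuln in bom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            vulns_by_ref[target["ref"]].append(vuln)

    rows = []
    for comp in bom.get("components", []):
        ref = comp.get("bom-ref") or comp.get("purl") or comp["name"]
        vulns = vulns_by_ref.get(ref, [])
        # analysis.state is optional; only entries explicitly marked
        # "exploitable" are counted as such.
        exploitable = sum(
            1 for v in vulns
            if v.get("analysis", {}).get("state") == "exploitable"
        )
        rows.append({
            "name": comp["name"],
            "version": comp.get("version", ""),
            "type": comp.get("type", ""),
            "license": component_license(comp),
            "cves": [v["id"] for v in vulns],
            "total": len(vulns),
            "exploitable": exploitable,
        })
    return rows


def flagged_components(rows):
    """Names of components that introduce at least one CVE, in BOM order."""
    return [r["name"] for r in rows if r["total"]]


if __name__ == "__main__":
    print(f"{'Dependency':<20} {'Version':<8} {'Type':<10} {'License':<12} CVEs  Exploitable")
    for r in summarize_bom(SAMPLE_BOM):
        print(f"{r['name']:<20} {r['version']:<8} {r['type']:<10} "
              f"{r['license']:<12} {r['total']:<5} {r['exploitable']}")
```

Components are matched on `bom-ref` rather than on name and version, because the same package can appear more than once in a BOM under different references; a component with no declared license is reported as `unknown` rather than silently dropped, so license gaps show up in the output.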

[Image: Dashboard screen showing the SBOM report export options]