SBOM
The SBOM tab of the application details section displays the application's software bill of materials. The SBOM provides you with a list of dependencies used by your application, along with:
- The dependency version;
- The dependency type;
- The license type;
- The total number of CVEs introduced by the dependency, along with the number of reachable CVEs and the number of exploitable CVEs;
- When the dependency was first identified as present in your application.
If the dependency introduces CVEs, you can click on its name to see a list of all associated vulnerabilities.
Export the SBOM
You can export the SBOM generated by preZero in various standards and formats, including:
| Standard | Version | Output types |
|---|---|---|
| CycloneDX | v1.2 | XML and JSON |
| CycloneDX | v1.4 | XML and JSON |
| SPDX | 2.3 | XML, JSON, tag-value |
| VEX | 0.2.0 | JSON |
To export the SBOM, click Export. Select the findings types and licenses you'd like included, then click Export Report and choose the standard and format from the table above.
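To work with an exported CycloneDX 1.4 JSON SBOM outside the UI, here is an added example (not preZero's own code) that rebuilds the per-dependency view described above: version, type, licenses and CVE counts. The sample document is constructed; that the export populates `analysis.state` is an assumption, and reachability has no CycloneDX 1.4 field, so only total and exploitable counts are derived.

```python
import json

# Constructed CycloneDX 1.4 JSON excerpt; not a real preZero export.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"bom-ref": "pkg:maven/org.example/libfoo@1.2.3", "type": "library",
         "name": "libfoo", "version": "1.2.3",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"bom-ref": "pkg:maven/org.example/libbar@4.0.0", "type": "library",
         "name": "libbar", "version": "4.0.0",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
    "vulnerabilities": [  # placeholder CVE ids, not real advisories
        {"id": "CVE-0000-0001", "analysis": {"state": "exploitable"},
         "affects": [{"ref": "pkg:maven/org.example/libfoo@1.2.3"}]},
        {"id": "CVE-0000-0002", "analysis": {"state": "not_affected"},
         "affects": [{"ref": "pkg:maven/org.example/libfoo@1.2.3"}]},
        {"id": "CVE-0000-0003",
         "affects": [{"ref": "pkg:maven/org.example/libbar@4.0.0"}]},
    ],
})


def summarize_cyclonedx(bom_json: str) -> dict:
    """Map component name -> version, type, licenses, CVE ids, exploitable CVE ids."""
    bom = json.loads(bom_json)
    if bom.get("bomFormat") != "CycloneDX" or not str(bom.get("specVersion", "")).startswith("1."):
        raise ValueError("expected a CycloneDX 1.x JSON document")
    by_ref, summary = {}, {}
    for comp in bom.get("components", []):
        # A license entry is either {"license": {"id"|"name"}} or {"expression": ...}.
        licenses = [lic.get("license", {}).get("id") or lic.get("license", {}).get("name")
                    or lic.get("expression") for lic in comp.get("licenses", [])]
        entry = {"version": comp.get("version"), "type": comp.get("type"),
                 "licenses": [x for x in licenses if x], "cves": set(), "exploitable": set()}
        summary[comp["name"]] = entry
        by_ref[comp.get("bom-ref")] = entry  # vulnerabilities point at bom-ref, not name
    for vuln in bom.get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state")  # assumed to be filled by the export
        for target in vuln.get("affects", []):
            entry = by_ref.get(target.get("ref"))
            if entry is None:
                continue  # dangling reference: the affected component is not in this BOM
            entry["cves"].add(vuln["id"])
            if state == "exploitable":
                entry["exploitable"].add(vuln["id"])
    return summary
```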
