Version: 1.2

Uploading SBOM Reports

Supported Tools

The ability to upload SBOMs is available for security checks using the following tools:

  • KCS
  • OWASP Dependency-Track
  • Trivy
  • Grype
  • CodeScoring SCA
  • Solar AppScreener SCA

Status Display

The SBOM upload status is displayed for each security check in the Projects → Project Name → Security Pipelines section.

Supported Formats

The system supports uploading SBOM files in the following formats:

  • SPDX
  • CycloneDX

SBOM Upload Procedure

To add an SBOM, follow these steps:

  1. Navigate to Projects → Project → Security Pipelines
  2. Open the Additional Actions menu next to the desired security check and select Import SBOM
  3. In the window that opens:
    • Upload a JSON file in one of the supported formats
    • Click Save
Note: For more details on exporting reports from tool interfaces or using the CLI, see Using CLI Tools.
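A pre-upload check for step 3, as an added example (not part of the product or its documentation): it confirms that a file is JSON in CycloneDX or SPDX 2.x form and counts its entries, which can be compared with the number of dependencies shown after processing. How the platform itself counts dependencies is not stated on this page, so that comparison is an assumption; the sample documents are constructed.

```python
import json

# Constructed sample documents (not taken from any real project).
SAMPLE_CYCLONEDX = """{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
 "components": [
  {"type": "library", "name": "requests", "version": "2.31.0",
   "purl": "pkg:pypi/requests@2.31.0"},
  {"type": "library", "name": "urllib3", "version": "2.0.7",
   "components": [{"type": "library", "name": "vendored-lib", "version": "1.0"}]}
 ]}"""

SAMPLE_SPDX = """{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
 "name": "demo", "packages": [
  {"SPDXID": "SPDXRef-Package-a", "name": "openssl", "versionInfo": "3.0.13"}
 ]}"""


def count_components(components):
    """Count CycloneDX components, including nested sub-components."""
    total = 0
    for comp in components if isinstance(components, list) else []:
        if isinstance(comp, dict):
            total += 1 + count_components(comp.get("components"))
    return total


def inspect_sbom(text):
    """Return (format, spec_version, entry_count); raise ValueError if unusable."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value must be an object")
    # CycloneDX JSON carries a fixed "bomFormat" marker.
    if doc.get("bomFormat") == "CycloneDX":
        version = str(doc.get("specVersion", "unknown"))
        return "CycloneDX", version, count_components(doc.get("components"))
    # SPDX 2.x JSON carries "spdxVersion" such as "SPDX-2.3".
    spdx_version = doc.get("spdxVersion")
    if isinstance(spdx_version, str) and spdx_version.startswith("SPDX-"):
        packages = doc.get("packages")
        return "SPDX", spdx_version, len(packages) if isinstance(packages, list) else 0
    raise ValueError("neither CycloneDX (bomFormat) nor SPDX 2.x (spdxVersion) JSON")


if __name__ == "__main__":
    for label, text in (("cyclonedx", SAMPLE_CYCLONEDX), ("spdx", SAMPLE_SPDX)):
        print(label, inspect_sbom(text))
```

A `ValueError` here means the file is an XML or tag-value export, or is not an SBOM at all, and should be re-exported as JSON before import.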

Processing Statuses

  • After upload, the SBOM status will change to Processing
  • Upon successful processing:
    • The status will change to Processed
    • A link to the identified dependencies will appear in the Dependency Library tab
    • The following will be displayed:
      • Number of dependencies
      • SBOM upload date

Viewing Dependencies

The complete list of dependencies is available in the Dependency Library section.