Creating a SBOM template

To create a SBOM template:

  1. Click and then select SBOM Templates.

  2. Click + Create SBOM Template.

  3. Enter a name for the SBOM template in the Name field. This is a mandatory field.

  4. Optionally, you may enter a description for the SBOM template in the Description field.

  5. Enable the Active checkbox if you want this SBOM template to appear in the list of available options when creating a SBOM report.

  6. Select a default SBOM type from the Default SBOM Type dropdown menu.

  7. Select the desired report output type from the Default Report Format dropdown menu.

  8. Select the desired fields to appear in the output for your SBOM template.

    Project Data:

    • Creator: Replaces default creator information with the person(s) or organization(s) that created the SBOM file.

    • Project Alias: Project Alias masks the name of your project version name in SBOM reports.

    • Subproject Components: Include subproject components in SBOM reports.

    • Creator Comments: An optional field for creators of the SBOM file to provide general comments about the creation of the SPDX file or any other relevant comment not included in the other fields.

    Component Data:

    • Originator: If the package identified in the SBOM file originated from a different person or organization than identified as Package Supplier, this field identifies from where or whom the package originally came.

    • Description: The description of the package.

    • License Comment: Include additional comments about the concluded license in SBOM reports.

    • Supplier: The organization that supplied the component that the BOM describes.

    • PURL: The package URL (PURL), or a specific location within a version control system (VCS) for the package.

    • CPE: CPE is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise's computing assets.

    • Package Comment: General comments about the package being described.

    • Package Valid Until Date: The end of the support period for a package from the supplier.

    • Vulnerabilities: Include component vulnerabilities in SBOM reports.

    • Copyrights: The copyright text for the exported project version or its BOM component(s).

    • Homepage URL: The URL of the exported BOM project version or its project version BOM component(s).

    • Download Location: The URL or a specific location within a version control system (VCS) that the component was downloaded from.

    • Exclude components with usage of "Dev. Tool / Excluded"

    • Exclude Transitive Dependencies: Exclude transitive dependencies from SBOM reports.

  9. Click Save to finish creating the SBOM template.

Creating from an existing SBOM template

You can also use an existing SBOM template as a basis to create new templates:

  • Click Options of the desired SBOM template and select Create From....

  • Follow the same steps as described to create a new template above.