Available Reports

The following are the reports currently available with SBOM Management. For additional details about each report, see Report Examples.

  • SBOM Report in CycloneDX Format —An SBOM report in the CycloneDX v1.4 format (.xml) for the selected bucket. This report format is generated in three versions:

    • The Regular CycloneDX Version provides details for each SBOM part in the bucket.

    • The CycloneDX VDR Version (Vulnerability Disclosure Report) provides details about all security vulnerabilities associated with SBOM parts in a bucket.

    • The CycloneDX VEX Version (Vulnerability Exploitability eXchange) shows information about vulnerability exclusions only—that is, those security vulnerabilities that are associated with SBOM parts in the bucket but that do not pose a security threat to your application or other entity.

  • SBOM Report in SPDX Format —An SBOM report in the SPDX v2.2 tag/value format (.spdx) for the selected bucket.

  • SBOM Report in Excel and HTML Formats —A human-readable SBOM report listing the component name, associated licenses, and package URL for each SBOM part in the selected bucket. The report is generated in two formats—.html and .xlsx.

  • Third-Party Notices Report —A third-party notices report (in .html format) containing the attributions and license text for each SBOM part in the selected bucket.

  • Vulnerability Report —A security report (in .html format) providing details for all security vulnerabilities currently associated with SBOM parts in the selected bucket.