Software Bill of Materials (SBOM)

Delivery Shield integrates automated SBOM generation into existing workflows, with dedicated support for technical issues and queries.

  1. Navigate to Setup → Integrations in Delivery Shield.

  2. Connect your container registry, CI/CD pipeline, and source repositories.

  3. Enable Syft / CDXGEN integration under the SBOM section.

  4. Set the polling interval and target services for automated SBOM generation.

  5. View generated SBOMs from the SBOM section of the Artifact Security page.

  6. Export SBOMs on demand in CycloneDX, SPDX, or JSON format.

Viewing SBOM Results in Delivery Shield

SBOM data is accessible from multiple locations within the platform:

  • SBOM Page — org-wide SBOM view showing all components, versions, licenses, and CVE status per service

  • View Reports Page (Source Scan) — downloadable SBOM report including the Vulnerability column per component

  • Artifact Pages — a View SBOM button is available on all artifact pages, enabling a comprehensive SBOM view of all artifacts.

  • Application Status Page — displays the security status, active vulnerabilities, and alerts of running services derived from SBOM analysis.

License data is visible in the downloaded SBOM file. Ensure you download the report to access full license information per component.

The SBOM pages for all the artifacts (Deployed / Generated / Plugin / Mobile) can be accessed from the corresponding Artifact Security page.
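A downloaded CycloneDX JSON export can be reviewed offline for the same per-component details (version, Package URL, licenses, vulnerability count, dependencies). The following is an added example, not Delivery Shield code: it assumes the export follows the standard CycloneDX JSON layout (`components`, `vulnerabilities`, `dependencies`), and the sample data and function names are constructed for illustration.

```python
import json

# Constructed sample in CycloneDX JSON layout; not real Delivery Shield output.
SAMPLE = {"bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"bom-ref": "a", "name": "alpha-lib", "version": "2.1.0",
     "purl": "pkg:generic/alpha-lib@2.1.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"bom-ref": "b", "name": "beta-lib", "version": "1.3.0", "purl": "pkg:generic/beta-lib@1.3.0"},
    {"bom-ref": "c", "name": "gamma-lib", "version": "0.9", "purl": "pkg:generic/gamma-lib@0.9",
     "licenses": [{"expression": "MIT OR GPL-2.0-only"}]}],
  "vulnerabilities": [{"id": "EXAMPLE-0001", "affects": [{"ref": "c"}]},
                      {"id": "EXAMPLE-0002", "affects": [{"ref": "c"}]}],
  "dependencies": [{"ref": "a", "dependsOn": ["b"]}]}

def load(path):
    """Read an exported SBOM file (assumed to be CycloneDX JSON)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def license_names(comp):
    # Each entry is either {"license": {"id" or "name": ...}} or {"expression": ...}.
    found = []
    for entry in comp.get("licenses", []):
        lic = entry.get("license", {})
        found.append(entry.get("expression") or lic.get("id") or lic.get("name"))
    return [v for v in found if v]

def summarize(sbom):
    """Build one row per component: version, purl, licenses, vuln count, dependencies."""
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    vulns = {}  # bom-ref -> set of vulnerability ids affecting it
    for v in sbom.get("vulnerabilities", []):
        for target in v.get("affects", []):
            vulns.setdefault(target.get("ref"), set()).add(v.get("id"))
    deps = {d.get("ref"): d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    rows = []
    for c in sbom.get("components", []):
        ref = c.get("bom-ref") or c.get("purl")
        rows.append({"component": c.get("name"), "version": c.get("version"),
                     "purl": c.get("purl"), "licenses": license_names(c),
                     "vulnerabilities": len(vulns.get(ref, ())),
                     "dependencies": deps.get(ref, [])})
    return rows

def review_queue(rows):
    """Components with no declared license or at least one vulnerability."""
    return [r["component"] for r in rows if not r["licenses"] or r["vulnerabilities"]]
```

For a real export, pass the result of `load("<path-to-export>.json")` to `summarize` instead of `SAMPLE`.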

To Access SBOM for the Application

The SBOM for the applications is available to view on the Artifact Security page.

  • Navigate to Artifact Security and click on the required artifacts page.

  • Click View SBOM.

  • The SBOM page is displayed.

You can click Download to download the complete details of the page.

You can click Licenses to download all the licenses available for the selected application.

You can click Report to download this page in a report format.

The page displays the different components and their details as follows:

  • Component - Displays the component name.

  • Version - Displays the version of the displayed component.

  • Package URL - Displays the package URL of the component.

  • License - Displays all the available licenses.

  • Vulnerabilities - Displays the count of the vulnerabilities for the given component.

  • EOL Risk - Displays the EOL status of the component OSS package based on the score, for which the user can add a baseline version for an OSS project.

  • Dependency - Displays the dependency of the components.

  • Actions - You can add or remove licenses by clicking the Edit License button.

On clicking the Edit License option, the license details page is displayed. You can make the necessary changes and update the details.

To Access SBOM for Individual Artifacts

The SBOM for the individual artifacts is available to view on the Artifact Security page.

  • Navigate to Artifact Security and click on the required artifacts page.

  • Click View SBOM.

  • The SBOM page is displayed.

  • Click Download to download the complete details of the page.

  • Click Licenses to download all the licenses available for the selected application.

  • Click Report to download this page in a report format (PDF or HTML).

  • Click VEX Report to download the details in JSON or CSV file format.

The page displays the different components of the artifact and their details as follows:

  • Component - Displays the component name.

  • Version - Displays the version of the displayed component.

  • Package URL - Displays the package URL of the component.

  • License - Displays all the available licenses.

  • Vulnerabilities - Displays the count of the vulnerabilities for the given component.

  • EOL Risk - Displays the EOL status of the component OSS package based on the score, for which the user can add a baseline version for an OSS project.

  • Dependency - Displays the dependency of the components.

  • Actions - You can add or remove licenses by clicking the Edit License button.

On clicking the Edit License option, the license details page is displayed. You can make the necessary changes and update the details.
