
# Software Bill of Materials (SBOM)

Delivery Shield integrates automated SBOM generation into existing workflows, with dedicated support for technical issues and queries.

1. Navigate to **Setup → Integrations** in Delivery Shield.
2. Connect your container registry, CI/CD pipeline, and source repositories.
3. Enable the **Syft** / **CDXGEN** integration.
4. Set the polling interval and target services for automated SBOM generation.
5. View generated SBOMs from the **SBOM** section of the **Artifact Security** page.
6. Export SBOMs on demand in **CycloneDX**, **SPDX**, or **JSON** format.

## Viewing SBOM Results in Delivery Shield

SBOM data is accessible from multiple locations within the platform:

* **SBOM Page** — org-wide SBOM view showing all components, versions, licenses, and CVE status per service
* **View Reports Page (Source Scan)** — downloadable SBOM report including the Vulnerability column per component
* **Artifact Pages** — a **View SBOM** button is available on all artifact pages, enabling a comprehensive SBOM view of all artifacts.
* **Application Status Page** — displays the security status, active vulnerabilities, and alerts of running services derived from SBOM analysis.

{% hint style="info" %}
License data is visible in the downloaded SBOM file. Ensure you download the report to access full license information per component.
{% endhint %}

The SBOM pages for all the artifacts (Deployed / Generated / Plugin / Mobile) can be accessed from the corresponding [Artifact Security](/code-to-cloud-security-and-scanners/container-and-artifact-security/artifact-scanning/artifact-security.md) page.

### To Access SBOM for the Application

The SBOM for an application can be viewed on the **Artifact Security** page.

* Navigate to **Artifact Security** and click the required artifacts page.
* Click **View SBOM**.

<figure><img src="/files/G5TGzewjIq5aw5LYcRrv" alt=""><figcaption></figcaption></figure>

* The **SBOM** page is displayed.

<figure><img src="/files/whA5ftazknPeLMSTVgRp" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Click **Download** to download the complete details of the page.

Click **Licenses** to download all the licenses available for the selected application.

Click **Report** to download this page in a report format.
{% endhint %}

The page displays the different components and their details as follows:

* **Component** - Displays the component name.
* **Version** - Displays the version of the displayed component.
* **Package URL** - Displays the package URL of the component.
* **License** - Displays all the available licenses.
* **Vulnerabilities** - Displays the count of the vulnerabilities for the given component.
* **EOL Risk** - Displays the EOL status of the component's OSS package, based on the score. Users can add a baseline version for an OSS project.
* **Dependency** - Displays the dependency of the components.
* **Actions** - You can add or remove licenses by clicking the **Edit License** button.

<figure><img src="/files/dPzQOCaR9nqE4oYHK7x3" alt=""><figcaption></figcaption></figure>

On clicking the **Edit License** option, the license details page is displayed. You can make the necessary changes and update the details.

<figure><img src="/files/37gWMADAD8ZykQqBOHrK" alt=""><figcaption></figcaption></figure>

### To Access SBOM for Individual Artifacts

The SBOM for an individual artifact can be viewed on the **Artifact Security** page.

* Navigate to **Artifact Security** and click the required artifacts page.
* Click the view icon in the SBOM column, next to the required artifact.

<figure><img src="/files/Dcz9O2nlDfm9JDDN7oBC" alt=""><figcaption></figcaption></figure>

* The **SBOM** page is displayed.

<img src="/files/4hjwbu0qUBsjzY1Sv7cA" alt="" height="275" width="602">

{% hint style="info" %}

* Click **Download** to download the complete details of the page.
* Click **Licenses** to download all the licenses available for the selected application.
* Click **Report** to download this page in a report format (PDF or HTML).
* Click **VEX Report** to download the details in JSON or CSV file format.
* The programming language associated with the scanned components is displayed, providing better visibility into application composition.

{% endhint %}

The page displays the different components of the artifact and their details as follows:

* **Component** - Displays the component name.
* **Version** - Displays the version of the displayed component.
* **Package URL** - Displays the package URL of the component.
* **License** - Displays all the available licenses.
* **Vulnerabilities** - Displays the count of the vulnerabilities for the given component.
* **EOL Risk** - Displays the EOL status of the component's OSS package, based on the score. Users can add a baseline version for an OSS project.
* **Dependency** - Displays the dependency of the components.
* **Actions** - You can add or remove licenses by clicking the **Edit License** button.

<figure><img src="/files/dPzQOCaR9nqE4oYHK7x3" alt=""><figcaption></figcaption></figure>

On clicking the **Edit License** option, the license details page is displayed. You can make the necessary changes and update the details.

<figure><img src="/files/fnuFd0cnRMvnEIqSodaG" alt=""><figcaption></figcaption></figure>

### SBOM Levels

* The Complete SBOM, Top Level, N Level, Delivery, and Transitive views of the SBOM can be accessed from this page.

<img src="/files/LHdIeXJIuBV1gr01FrQ5" alt="" height="275" width="602">

* On clicking each panel, the details of the corresponding level are displayed.
  * **Top Level** - Provides a general summary of the software elements that are either integrated or directly used in a product. Essential details like component names, versions, and their interactions within the software are usually included.
  * **N Level** - Goes beyond the top-level overview to include deeper details and complexities. The "N" in "N-level" represents any arbitrary level of depth, indicating that the SBOM includes information at multiple tiers or levels of granularity.
  * **Delivery** - Describes every part, library, and dependency that is part of a software release or delivery package. It offers clarity regarding the makeup of the software that is being supplied.
  * **Transitive** - Includes not only the direct dependencies of a software component but also its indirect or transitive dependencies.
* Expanding a component provides a drill-down view that displays its dependencies and their dependencies, along with the corresponding vulnerability details.

{% hint style="info" %}
For N Level, you can choose how many levels of dependencies are listed (between 1 and 5).
{% endhint %}
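
The level views can be reproduced from the `dependencies` graph of an exported CycloneDX JSON SBOM. The following is an added example, not Delivery Shield's own code; it assumes that a level corresponds to graph depth from the root component, and the sample SBOM and its component names are constructed.

```python
import json
from collections import deque

# Constructed CycloneDX-style fragment (not product output).
# Note the tls <-> zlib cycle, which real dependency graphs can contain.
SBOM = json.loads("""
{
  "metadata": {"component": {"bom-ref": "app"}},
  "dependencies": [
    {"ref": "app",  "dependsOn": ["web", "log"]},
    {"ref": "web",  "dependsOn": ["tls", "log"]},
    {"ref": "tls",  "dependsOn": ["zlib"]},
    {"ref": "zlib", "dependsOn": ["tls"]},
    {"ref": "log",  "dependsOn": []}
  ]
}
""")


def dependency_depths(sbom):
    """Map every reachable bom-ref to its shortest distance from the root."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    depths, queue = {root: 0}, deque([root])
    while queue:
        node = queue.popleft()
        for child in graph.get(node, []):
            if child not in depths:  # first visit is the shortest path; also stops cycles
                depths[child] = depths[node] + 1
                queue.append(child)
    del depths[root]
    return depths


def n_level(sbom, n):
    """Components within n levels of the root; n=1 is the top-level view."""
    if not 1 <= n <= 5:  # the range the page gives for N Level
        raise ValueError("n must be between 1 and 5")
    return sorted(ref for ref, d in dependency_depths(sbom).items() if d <= n)


def transitive(sbom):
    """Direct and indirect dependencies together."""
    return sorted(dependency_depths(sbom))


def indirect_only(sbom):
    """Dependencies the root never declares itself (depth greater than 1)."""
    return sorted(ref for ref, d in dependency_depths(sbom).items() if d > 1)
```

Components returned by `indirect_only` are the ones a review of the top-level view alone would miss.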

### SBOM Comparison

1. The SBOMs can be compared to identify differences in components, versions, licenses, and vulnerabilities.
2. Click the Compare icon in the SBOM column, next to the required artifact.

<img src="/files/cYArzEw2NDyTTZ1z8lZZ" alt="" height="245" width="602">

3. The SBOM comparison page is displayed. Select the two SBOMs that you wish to compare from the dropdown and click **Compare**.

<img src="/files/7UrRA69RxzuxjSY3NuhA" alt="" height="235" width="602">

The complete details of comparison are displayed as shown below:

<img src="/files/cLlNhsFXxIKBJ0CZuR3n" alt="" height="272" width="602">
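
The same kind of comparison can be run offline on two exported CycloneDX JSON files. The following added example (not Delivery Shield's code) diffs components, versions, and licenses keyed by package URL and leaves the vulnerability comparison out; the sample SBOMs and package names are constructed placeholders.

```python
def license_set(component):
    """Collect SPDX ids, free-text names or expressions from one component."""
    found = set()
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        found.add(lic.get("id") or lic.get("name") or entry.get("expression") or "UNKNOWN")
    return found


def index_components(sbom):
    """Key components by purl without version, qualifiers or subpath."""
    index = {}
    for comp in sbom.get("components", []):
        purl = comp.get("purl") or comp.get("name", "")
        base = purl.split("#")[0].split("?")[0]
        head, sep, _ = base.rpartition("@")  # a literal "@" in a scope is encoded as %40
        index[head if sep else base] = (comp.get("version", ""), license_set(comp))
    return index


def compare_sboms(old, new):
    """Return added/removed components plus version and license changes."""
    a, b = index_components(old), index_components(new)
    shared = sorted(a.keys() & b.keys())
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "version_changed": {k: (a[k][0], b[k][0]) for k in shared if a[k][0] != b[k][0]},
        "license_changed": {k: (sorted(a[k][1]), sorted(b[k][1]))
                            for k in shared if a[k][1] != b[k][1]},
    }


def sample(purl, version, lic):
    """Build a minimal constructed component entry for the samples below."""
    return {"purl": f"{purl}@{version}", "version": version, "licenses": [lic]}


# Constructed sample SBOMs; package names are placeholders.
OLD = {"components": [
    sample("pkg:npm/%40example/core", "1.0.0", {"license": {"id": "MIT"}}),
    sample("pkg:pypi/example-http", "2.1.0", {"license": {"id": "Apache-2.0"}}),
    sample("pkg:maven/org.example/legacy-xml", "0.9", {"license": {"id": "BSD-3-Clause"}}),
]}
NEW = {"components": [
    sample("pkg:npm/%40example/core", "1.1.0", {"license": {"id": "MIT"}}),
    sample("pkg:pypi/example-http", "2.1.0", {"expression": "Apache-2.0 OR MIT"}),
    sample("pkg:golang/example.org/yaml", "3.0.1", {"license": {"id": "MIT"}}),
]}
```

A component that appears under `added` or `license_changed` between two builds is a natural trigger for a license and provenance review before release.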
