Manual SBOM generation
There are times when a team may want to do a manual analysis of an application, or an SBOM generated from another tool, such as Anchore's Syft. The process for creating a project and running manifest analysis are:
From the Tidelift web application
- Select Projects
- Select Create new project
- Name the project you wish to track and Next
- Locate the dependency manifests or CycloneDX/SPDX SBOM (software bill of materials) files for your project on your local system, and select Upload files. For a list of supported files, see Supported Ecosystems.
You can now upload manifests and/or SBOMs:
- Select Projects
- Choose your project
- Choose Upload new
- Locate the dependency manifests or CycloneDX/SPDX SBOM (software bill of materials) files for your project on your local system, and select Upload files. For a list of supported files, see Supported Ecosystems.