Importing SBOMs

Manual SBOM generation

There are times when a team may want to do a manual analysis of an application, or an SBOM generated from another tool, such as Anchore's Syft. The process for creating a project and running manifest analysis are:

From the Tidelift web application

  1. Select Projects
  2. Select Create new project
  3. Name the project you wish to track and Next
  4. Locate the dependency manifests or CycloneDX/SPDX SBOM (software bill of materials) files for your project on your local system, and select Upload files. For a list of supported files, see Supported Ecosystems.

You can now upload manifests and/or SBOMs:

  1. Select Projects
  2. Choose your project
  3. Choose Upload new
  4. Locate the dependency manifests or CycloneDX/SPDX SBOM (software bill of materials) files for your project on your local system, and select Upload files. For a list of supported files, see Supported Ecosystems.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section