Upload and analyze an SBOM file
When you upload an SBOM file to the Threat detection page, DigiCert® will:
Analyze the information from a previous threat detection scan
Display findings in DigiCert ONE
After the analysis is complete, critical data will display in the Threat detection details page. This information helps you to better understand your organization’s security posture, including the criticality of any detected vulnerability.
Before you begin
To upload an SBOM file and initiate a threat detection analysis, you must:
Ensure the file meets the following requirements:
Supported file format: json
Supported file size: Up to 50MB
Assign the SBOM to a project
A project allows you to organize and group related software scans, such as different versions of the same software.
This step is included in the Upload an SBOM file and initiate a threat detection analysis section.
To learn more about projects, see Projects.
Assign the file to a release (optional)
A release ensures that SBOM data is managed based on the security policies and rules configured within the release window.
This step is included in the Upload an SBOM file and initiate a threat detection analysis section.
You can only assign For a
To learn more about releases, see リリース.
Upload an SBOM file and initiate a threat detection analysis
In the Software Trust menu, go to Threat detection > Threat detection.
Select Upload SMOB.
Drag and drop a file or upload a file using the windows explorer.
You can upload multiple files.
When you upload a file, the Your files table displays the newly added files.
Select Save and continue to manage and configure these files.
Complete the missing fields:
For Scan alias, enter a descriptive name for the scan.
For Version, enter your own versioning system.
Select an existing project or select Don't have a project? to create a new project. To learn how to create a project, see Create a project.
Every uploaded SBOM file must be assigned to a project; however, it's optional to also assign a release.
Once you assign an SBOM file to a project, you can;t change the project.
(Optional) Select an existing release or select Don't have a release? to create a new release. To learn how to create a release, see リリースを作成する.
When you select a project, the list of releases filters to only display releases that are related to the selected project and contain a detect or detect and sign purpose.
You can only assign one scan per project to a release.
Select Save and continue.
DigiCert ONE will begin to analyze your uploaded file.
To track the analysis, in the Threat detection listing page, review the Status column. A Fail or Pass value for Status indicates that the analysis is complete, and you can view the scan details.
Select Close.
To track the analysis, in the Threat detection listing page, review the Status column. A Fail or Pass value for Status indicates that the analysis is complete, and you can view the scan details.
To view and understand scan results, see Review scan results.