
Upload and analyze an SBOM file

When you upload an SBOM file to the Threat detection page, DigiCert will:

  • Analyze the information from a previous threat detection scan

  • Display findings in DigiCert ONE

After the analysis is complete, critical data is displayed on the Threat detection details page. This information helps you better understand your organization’s security posture, including the criticality of any detected vulnerability.

Before you begin

To upload an SBOM file and initiate a threat detection analysis, you must:

Upload an SBOM file and initiate a threat detection analysis

  1. Sign in to your DigiCert ONE® Software Trust Manager account.

  2. In DigiCert ONE, in the Manager menu (top right), select Software Trust.

  3. In Software Trust, go to Threat detection.

  4. Select Upload SBOM.

  5. Drag and drop a file or upload a file using Windows Explorer.

    • You can upload multiple files.

    • When you upload a file, the Your files table will appear and display newly added files.

  6. Click Save and continue to manage and configure these files.

  7. Complete the missing fields:

    1. For Scan alias, enter a descriptive name for the scan.

    2. For Version, enter your own versioning system.

    3. Select an existing project or select Don't have a project? to create a new project. To learn how to create a project, see Create a project.

      1. Every uploaded SBOM file must be assigned to a project; however, it is optional to also assign a release.

    4. (Optional) Select an existing release or select Don't have a release? to create a new release. To learn how to create a release, see Create release.

      1. When you select a project, the list of releases will filter to only display releases that are associated with the selected project and contain a detect or detect and sign purpose.

  8. Select Save and continue.

    1. DigiCert ONE will begin to analyze your uploaded file.

    2. To track the analysis, in the Threat detection listing page, review the Status column. A Fail or Pass value for Status indicates that the analysis is complete, and you can view the scan details.

  9. Click Close.

  10. To track the analysis, in the Threat detection listing page, review the Status column. A Fail or Pass value for Status indicates that the analysis is complete, and you can view the scan details.