
The SBOM Export Report

Overview

Mend enables you to generate and export a Software Bill of Materials (SBOM) report that lists the libraries, code packages, and other third-party components used in your application.

Getting it done

Export an SBOM report in the Mend Application

  1. From the Mend Application menu bar, select Reports > SBOM Export.

  2. The dialog box for generating the SBOM report will open automatically.

  3. A Generate SBOM Report dialog box opens, in which you can choose a specific product or project for the SBOM report scope:

    Note: You must select either one specific project or all available projects. It is not possible to select multiple projects simultaneously.

  4. Select the SBOM Standard for the generated report.
    Note: You are also given the choice to exclude vulnerability data from your report (it is included by default), using the corresponding checkbox.

  5. From the File format dropdown, select the required file format for the generated report.

  6. By default, the option “Receive an email notification when export is ready” is selected. If you do not want to receive an email notification when the report is ready, deselect this option.

  7. Click the Export button to generate the selected report.

  8. A confirmation pop-up window will appear, stating the report is being generated:

  9. The report is generated asynchronously and once it is ready, it will be available in the My Reports section under your profile:

The following screenshot shows a newly-generated report:

Download an exported SBOM report from the Mend Application:

  1. Within the Mend Application, navigate to your profile → My Reports:

  2. Click the Download hyperlink alongside the report you want to download.

  3. The report will be downloaded in the specified format.

Reference

SBOM report supported scopes

The SBOM report can be exported at the Mend product scope and at the project scope.

Note: For the project-scoped SBOM report, you must select either one specific Mend project or all available projects under the product. It is not possible to select an arbitrary subset of projects simultaneously.

SBOM report supported standards and file formats

The following SBOM standards are offered in the listed file formats:

  • SPDX 2.2 / SPDX 2.3:

    • JSON

    • XML

    • YAML

    • EXCEL

    • TV (SPDX tag-value)

  • CycloneDX 1.4 / CycloneDX 1.5:

    • JSON

    • XML

Mend SBOM reports include PURL data

A purl (short for package URL) is a format for describing and identifying software packages in a standardized way. It provides a uniform structure for package metadata, making it easier to manage and reference packages across different repositories, platforms, and tools. For example, the purl data for the Maven package oro-2.0.8.jar looks like this in the externalRefs entry of a Mend SPDX SBOM report:

    "externalRefs" : [ {
      "referenceCategory" : "PACKAGE-MANAGER",
      "referenceLocator" : "pkg:maven/oro/oro@2.0.8?type=jar",
      "referenceType" : "purl"
    } ],
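The externalRefs entry above is what a consumer of the exported SBOM reads to find each package's purl. The following Python script, added here as an example and not part of the Mend documentation or product, loads an SPDX 2.3 JSON document, pulls the purl out of each package's externalRefs, splits it into its components according to the purl specification (pkg:type/namespace/name@version?qualifiers#subpath), and lists packages that carry no purl at all, which is a common gap to check before feeding an SBOM into vulnerability matching. The SPDX document embedded in the script is constructed sample data that mirrors the shape of the fragment above; only the oro entry is taken from the page.

```python
"""Extract and parse package URLs (purls) from an SPDX 2.3 JSON SBOM.

Added example, not Mend's own code. The sample document below is
constructed for illustration; the oro entry mirrors the fragment on the page.
"""
import json
from urllib.parse import unquote

# Constructed SPDX 2.3 document: two packages with purls, one without.
SAMPLE_SPDX_JSON = """
{
  "spdxVersion": "SPDX-2.3",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "sample-app",
  "packages": [
    {
      "SPDXID": "SPDXRef-oro",
      "name": "oro-2.0.8.jar",
      "versionInfo": "2.0.8",
      "externalRefs": [ {
        "referenceCategory": "PACKAGE-MANAGER",
        "referenceLocator": "pkg:maven/oro/oro@2.0.8?type=jar",
        "referenceType": "purl"
      } ]
    },
    {
      "SPDXID": "SPDXRef-lodash",
      "name": "lodash",
      "versionInfo": "4.17.21",
      "externalRefs": [ {
        "referenceCategory": "PACKAGE-MANAGER",
        "referenceLocator": "pkg:npm/lodash@4.17.21",
        "referenceType": "purl"
      } ]
    },
    {
      "SPDXID": "SPDXRef-vendored",
      "name": "vendored-blob",
      "versionInfo": "NOASSERTION"
    }
  ]
}
"""


def load_sample() -> dict:
    """Parse the constructed sample SBOM into a dict."""
    return json.loads(SAMPLE_SPDX_JSON)


def parse_purl(purl: str) -> dict:
    """Split a purl into type, namespace, name, version, qualifiers, subpath.

    Follows the purl grammar: pkg:type/namespace/name@version?qualifiers#subpath.
    The spec requires '@', '?' and '#' inside path segments to be percent-encoded,
    so splitting on the raw characters is safe.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    rest = purl[len("pkg:"):].lstrip("/")
    subpath = None
    if "#" in rest:
        rest, subpath = rest.split("#", 1)
    qualifiers = {}
    if "?" in rest:
        rest, query = rest.split("?", 1)
        for pair in query.split("&"):
            if pair:
                key, _, value = pair.partition("=")
                qualifiers[key.lower()] = unquote(value)
    version = None
    if "@" in rest:
        rest, version = rest.rsplit("@", 1)
        version = unquote(version)
    ptype, _, path = rest.partition("/")
    segments = [unquote(s) for s in path.split("/") if s]
    if not ptype or not segments:
        raise ValueError(f"malformed purl: {purl}")
    return {
        "type": ptype.lower(),
        "namespace": "/".join(segments[:-1]) or None,
        "name": segments[-1],
        "version": version,
        "qualifiers": qualifiers,
        "subpath": subpath,
    }


def purls_from_spdx(doc: dict) -> dict:
    """Map each package SPDXID to its parsed purl, or None if it has none."""
    result = {}
    for pkg in doc.get("packages", []):
        parsed = None
        for ref in pkg.get("externalRefs", []):
            if (ref.get("referenceType") == "purl"
                    and ref.get("referenceCategory") == "PACKAGE-MANAGER"):
                parsed = parse_purl(ref["referenceLocator"])
                break
        result[pkg["SPDXID"]] = parsed
    return result


def packages_without_purl(doc: dict) -> list:
    """SPDXIDs of packages that cannot be matched by purl."""
    return sorted(sid for sid, p in purls_from_spdx(doc).items() if p is None)


if __name__ == "__main__":
    sbom = load_sample()
    for sid, purl in purls_from_spdx(sbom).items():
        print(sid, purl)
    print("no purl:", packages_without_purl(sbom))
```

Run it against a real export by replacing load_sample() with json.load() on the downloaded SPDX JSON file; packages reported by packages_without_purl are the ones that vulnerability databases keyed on purl will silently skip.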

How to Create an SPDX SBOM Using Mend

This video demonstrates how to export an SBOM report from the Mend UI.

How to Create a CycloneDX SBOM Report Using Mend

This video demonstrates how to export a CycloneDX SBOM report from the Mend UI.
