Generating a Software Bill of Materials (SBOM) - AskJ1 Community
<main> <article class="userContent"> <p>A software bill of materials (SBOM) allows you to quickly see and assess vulnerability and security risks in your organization. JupiterOne generates an SBOM for the assets you have configured with J1, examining the list of vulnerabilities in relation to your assets.</p> <h3 data-id="prerequisite">Prerequisite</h3> <p>To generate the SBOM file, you must have Administrator access to your assets. Your environment must also contain:</p> <ul><li>An active GitHub, BitBucket, or GitLab integration in J1</li> <li>An active NPM or Artifactory integration in J1</li> <li><code class="code codeInline" spellcheck="false" tabindex="0">CodeRepo that USES CodeModule</code> relationships for your GitHub, BitBucket, or GitLab integrations</li> </ul><h3 data-id="sbom-file">SBOM File</h3> <p>To generate an SBOM:</p> <ol><li><p>In J1, go to <strong>Apps <img src="https://us.v-cdn.net/6035534/uploads/K368QONSNDO3/apps.png" alt="" class="embedImage-img importedEmbed-img"></img> > Assets</strong>.</p></li> <li><p>In the top-right corner, click <strong>Generate SBOM</strong>.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/YWB4KH1SP3M7/sbom.png" alt="" class="embedImage-img importedEmbed-img"></img></p></li> <li><p>If you have met the prerequisite criteria above, click Generate Download, and J1 downloads the SBOM as a JSON file.</p></li> </ol><p>If you do not meet one of the prerequisite criteria, a red X appears next to that criterion. Click the red X for more information about the error.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/EAQZHJ61LWYH/sbom-errors.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <p>Follow the corrective instructions in the error message, and try to generate your SBOM again.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/2DQKU8FK4UR2/sbom-code-repo-error.png" alt="" class="embedImage-img importedEmbed-img"></img></p> </article> </main>