
How to Generate SBOM


The Software Bill of Materials (SBOM) generation feature in BoostSecurity creates a comprehensive inventory of the components in your project. This gives you visibility into your dependencies and lets vulnerable components be identified from the inventory. This page explains how the SBOM generation process works and how to configure it.

To enable SBOM generation, you need to configure the SBOM scanner for your project. The SBOM scanner runs whenever a commit is made on the default branch of a provisioned project and collects that project's component inventory.


Configure the SBOM Scanner


Two kinds of SBOM scanners are available, depending on where the inventory is collected from: the source code repository or the container image artifact built from it.

A scan of the source code repository reports the dependencies declared in the project (for example, in lockfiles and manifests). A scan of the container image additionally reports operating-system packages and any other components pulled in when the image was built, which a source-only scan cannot see.
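The following script is an added example, not BoostSecurity's scanner, that shows why the two inventories differ. It parses a constructed pip lockfile (what a source-repository scan sees) and a constructed excerpt of a Debian `dpkg` status file (what a container-image scan additionally sees), emits both as one minimal CycloneDX-style document, and lists the components visible only in the image. The CycloneDX shape, the `pkg:pypi` and `pkg:deb` package URLs and the sample inputs are assumptions made for illustration.

```python
"""Illustrative SBOM inventory builder.

Added example, not BoostSecurity's scanner. It shows why a source-repository
scan and a container-image scan report different components: a lockfile lists
only application libraries, while the image's package database also exposes
operating-system packages. Both inputs are constructed samples embedded below.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from urllib.parse import quote

# Constructed sample: a pinned pip lockfile as committed in a source repository.
REQUIREMENTS_TXT = """\
# application dependencies
requests==2.31.0
urllib3==2.0.7
PyYAML==6.0.1  # pinned for reproducibility
"""

# Constructed sample: an excerpt of /var/lib/dpkg/status as found inside a
# Debian-based container image (operating-system packages).
DPKG_STATUS = """\
Package: libssl3
Status: install ok installed
Version: 3.0.11-1~deb12u2
Architecture: amd64

Package: zlib1g
Status: install ok installed
Version: 1:1.2.13.dfsg-1
Architecture: amd64

Package: removed-pkg
Status: deinstall ok config-files
Version: 0.1
Architecture: amd64
"""


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    type: str  # "library" (application dependency) or "operating-system"
    purl: str  # package URL, the key vulnerability databases match on


def parse_requirements(text: str) -> list[Component]:
    """Parse 'name==version' lines from a pip lockfile; skip comments and blanks."""
    comps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.\-]+)==([A-Za-z0-9_.+!\-]+)", line)
        if not m:
            # An unpinned dependency cannot be inventoried reproducibly.
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        name, version = m.group(1).lower(), m.group(2)
        comps.append(Component(name, version, "library", f"pkg:pypi/{name}@{version}"))
    return comps


def parse_dpkg_status(text: str, distro: str = "debian") -> list[Component]:
    """Parse installed packages from a dpkg status file (blank-line separated stanzas)."""
    comps = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields: dict[str, str] = {}
        for line in stanza.splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        # Removed packages keep a stanza ("deinstall ... config-files"); only a
        # status ending in "installed" means the package is really present.
        if fields.get("Status", "").split()[-1:] != ["installed"]:
            continue
        name, version = fields["Package"], fields["Version"]
        # purl requires reserved characters such as ':' in the version to be percent-encoded.
        purl = f"pkg:deb/{distro}/{name}@{quote(version, safe='')}"
        if fields.get("Architecture"):
            purl += f"?arch={fields['Architecture']}"
        comps.append(Component(name, version, "operating-system", purl))
    return comps


def build_sbom(components: list[Component]) -> dict:
    """Emit a minimal CycloneDX-style document (format assumed for illustration)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "components": [
            {"type": c.type, "name": c.name, "version": c.version, "purl": c.purl}
            for c in sorted(components, key=lambda c: c.purl)
        ],
    }


def only_in_image(source: list[Component], image: list[Component]) -> set[str]:
    """Components the container-image scan reports that the source scan cannot see."""
    return {c.purl for c in image} - {c.purl for c in source}


if __name__ == "__main__":
    src = parse_requirements(REQUIREMENTS_TXT)
    # The image contains the application libraries plus the OS packages.
    img = src + parse_dpkg_status(DPKG_STATUS)
    print(json.dumps(build_sbom(img), indent=2))
    print("visible only in the image scan:", sorted(only_in_image(src, img)))
```

Run it as-is to see the merged inventory; the two `libssl3` and `zlib1g` entries are exactly the operating-system components the paragraph above says a source-only scan will miss, and the removed package is correctly left out.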

To configure the SBOM scanner to collect the inventory from the source code and the container images:

  1. Navigate to the Scanner Coverage page.
  2. Expand the desired source code management system, then either Select all repositories or Select a particular repository from the dropdown list.

    (Screenshot: Provision Repo)

  3. After selecting the desired organization(s) or repositories, click on the Actions button at the top of the page.

    (Screenshot: Apply Provisioning)

  4. Click on the Provisioning button from the displayed dropdown.

    (Screenshot: Provisioning)

  5. On the Easy tab of the displayed modal, select SBOM and click the Complete button.

    (Screenshot: Provision SBOM)

  6. Boost automatically provisions the most suitable SBOM scanner (source code or container image) for the selected resources.

  7. Once provisioning succeeds, the component inventory of each selected project is generated on the next commit to its default branch and is available for review.

    (Screenshot: Provisioned successfully)