How to Generate SBOM


To enable SBOM generation for your project, you must configure the SBOM scanner. The SBOM scanner runs whenever a commit is made on the default branch of your projects and collects the component inventory.


Configure the SBOM Scanner


Two versions of the SBOM scanner are available: one generates the SBOM inventory from the source code repository, and the other generates it from the generated container image artifact.

Component inventories can also be generated from container images. An SBOM generated from a container image can report operating system packages and other components pulled in from dependencies.

To configure the SBOM scanner to collect the inventory from the source code and the container images:

  1. Navigate to the Scanner Coverage page.
  2. Expand the organization for which you want to configure the SBOM scanner, then click Select all repositories or select a particular repository.

  3. Click on the Provisioning button at the top of the page.

  4. Select the BoostSecurity Trivy (FS SBOM) scanner and click the Complete button.

Once the process is complete, the BoostSecurity SBOM scanner collects the component inventory on the next commit.