Chapter 2. Scanning a software bill of materials file
You can scan your custom software bill of materials (SBOM) manifest files for analysis by Red Hat.
Red Hat does not retain a copy of your scanned SBOM files.
Prerequisites
- A Red Hat user account to access the Red Hat Hybrid Cloud Console.
- An existing SBOM manifest file in CycloneDX 1.3, 1.4, or 1.5 format, or in Software Package Data Exchange (SPDX) 2.2 or 2.3 format.
Procedure
- Open a web browser.
- Go to the Application and Data Services home page on the Hybrid Cloud Console.
- If prompted, log in to the Hybrid Cloud Console with your credentials.
- On the navigation menu, click Trusted Profile Analyzer.
- On the Trusted Profile Analyzer home page, click the Subscribe and launch button. A new web browser window opens to the Trusted Profile Analyzer console home page.
Note: When you subscribe, your registered email address is added to the product mailing list, so you can receive information about new product developments.
- Click Scan SBOM from the navigation menu.
- You can drag-and-drop an SBOM manifest file onto the page, or click Load an SBOM.
- After the SBOM file is scanned, you get a summary of the analysis, and specific vulnerability information for the packages included in your SBOM file.
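Before uploading, you can check locally that a manifest is in one of the formats and versions listed in the prerequisites. The following Python sketch is an added example, not Red Hat code; it assumes a JSON-encoded SBOM, and the function names and sample documents are constructed for illustration.

```python
import json

# Formats and versions listed in this chapter's prerequisites.
SUPPORTED = {
    "CycloneDX": {"1.3", "1.4", "1.5"},
    "SPDX": {"2.2", "2.3"},
}


def identify_sbom(text):
    """Return (format, version, package_count) for a JSON SBOM; ValueError otherwise."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value is not an object")
    if doc.get("bomFormat") == "CycloneDX":
        # CycloneDX JSON carries the version in "specVersion", e.g. "1.4".
        return "CycloneDX", str(doc.get("specVersion", "")), len(doc.get("components") or [])
    spdx = doc.get("spdxVersion")
    if isinstance(spdx, str) and spdx.startswith("SPDX-"):
        # SPDX JSON carries the version as "SPDX-2.3".
        return "SPDX", spdx[len("SPDX-"):], len(doc.get("packages") or [])
    raise ValueError("neither a CycloneDX nor an SPDX JSON document")


def preflight(text):
    """Return (ok, message) saying whether the SBOM meets the prerequisites."""
    try:
        fmt, version, count = identify_sbom(text)
    except ValueError as exc:
        return False, str(exc)
    if version not in SUPPORTED[fmt]:
        wanted = ", ".join(sorted(SUPPORTED[fmt]))
        return False, f"{fmt} {version or '(no version)'} is not in the listed versions ({wanted})"
    if count == 0:
        # Local policy of this example: an SBOM with no packages has nothing to analyze.
        return False, f"{fmt} {version} document lists no packages"
    return True, f"{fmt} {version}, {count} package(s)"


# Constructed sample documents, not taken from any real product.
SAMPLE_CDX = '{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [{"type": "library", "name": "example-lib", "version": "1.0.0"}]}'
SAMPLE_SPDX_OLD = '{"spdxVersion": "SPDX-2.1", "packages": [{"name": "example-lib"}]}'

if __name__ == "__main__":
    for name, sample in (("cyclonedx", SAMPLE_CDX), ("spdx-2.1", SAMPLE_SPDX_OLD)):
        print(name, preflight(sample))
```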
Additional resources
- To learn how to create a software bill of materials file, see the Trusted Profile Analyzer Reference Guide.