Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 4. Scanning a software bill of materials file

You can scan your software bill of materials (SBOM) documents for analysis by using the Red Hat Trusted Profile Analyzer (RHTPA) managed service on the Red Hat Hybrid Cloud Console, or by using your own running instance of RHTPA. The Trusted Profile Analyzer service can analyze a standard SBOM, Artificial Intelligence Bill of Materials (AIBOM) containing language models, and Cryptographic Bill of Materials (CBOM) containing keys, certificates, and libraries.

Important

Red Hat does not retain a copy of your scanned SBOM documents.

Prerequisites

  • An existing CycloneDX 1.3, 1.4, 1.5, 1.6 or Software Package Data Exchange (SPDX) 2.2, 2.3 document files.

Procedure

  1. Open a web browser.
  2. Go to the Trusted Profile Analyzer console URL for your running RHTPA instance.
  3. Log in to the Trusted Profile Analyzer console with your credentials.
  4. Click SBOMs from the navigation menu.
  5. Click the Generate vulnerability report button.
  6. You can drag and drop your SBOM file directly to this page, or click the Browse Files button, then choose the SBOM file you want to scan.
  7. After RHTPA scans the SBOM file, you get a summary of the analysis, and any specific vulnerability information for the packages included in your SBOM file.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat