The SBOM Workbench is a graphical user interface to scan and audit source code using the SCANOSS API.
Simply scan your source code directory to find and identify open source components. Generate your SPDX-Lite software bill of materials (SBOM) with the press of a button.
In the Home tab, click New project to add a new project from the source code itself, or click the arrow to open the dropdown menu and add a new project from a WFP file or import an existing project in the state in which it was exported. If you choose to add a new project, either from sources or from a WFP file, you will be taken to the Project settings screen. Here, you can customize the following:
Project name
License
API connections
Scanner settings
You can provide a context file scanoss.json declaring known components to get the most accurate results.
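The context file is where known components are declared up front. The script below, an added example that is not part of the Workbench documentation, validates the package URLs (PURLs) of the components you intend to declare and writes them into a scanoss.json file; the file layout assumed here (a top-level "bom" object with "include" and "remove" lists of {"purl": ...} entries) follows the SCANOSS settings-file format as the author of this example understands it, and the PURLs used are constructed sample values.

```python
import json
import re
from pathlib import Path

# Minimal package-URL grammar: pkg:type/[namespace/]name[@version][?qualifiers][#subpath]
PURL_RE = re.compile(
    r"^pkg:(?P<type>[a-z0-9.+-]+)/"
    r"(?:(?P<namespace>[^@?#]+)/)?"
    r"(?P<name>[^/@?#]+)"
    r"(?:@(?P<version>[^?#]+))?"
    r"(?:\?(?P<qualifiers>[^#]+))?"
    r"(?:#(?P<subpath>.+))?$"
)


def is_valid_purl(purl: str) -> bool:
    """Return True when the string follows the purl grammar above."""
    return PURL_RE.match(purl) is not None


def build_context(known, removed=()):
    """Build the scanoss.json document in memory.

    'known' PURLs go to bom.include (components you assert are present);
    'removed' PURLs go to bom.remove (matches you assert are false positives).
    This layout is an assumption based on the SCANOSS settings-file format.
    """
    bad = [p for p in list(known) + list(removed) if not is_valid_purl(p)]
    if bad:
        # Refuse to write a context file that would be silently ignored or mis-parsed.
        raise ValueError(f"invalid package URLs: {bad}")
    return {
        "bom": {
            "include": [{"purl": p} for p in known],
            "remove": [{"purl": p} for p in removed],
        }
    }


def write_context(path, known, removed=()):
    """Validate, serialise and write scanoss.json; returns the written document."""
    doc = build_context(known, removed)
    Path(path).write_text(json.dumps(doc, indent=2) + "\n")
    return doc


if __name__ == "__main__":
    # Constructed sample components for a hypothetical project.
    write_context("scanoss.json",
                  known=["pkg:pypi/requests@2.31.0", "pkg:npm/%40angular/core@17.0.0"],
                  removed=["pkg:github/example/unrelated-lib"])
```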
After you add and configure your project settings, the SBOM Workbench will automatically go through various stages: scanning your project, detecting licenses, analysing dependencies, searching for vulnerabilities, and so on.
After you add and scan your project, the results will appear in the Reports tab. The Reports tab provides an overview of the detected components, licenses, dependencies, and vulnerabilities identified.
For this step, navigate to the Detected Components tab. Use this tab to automatically identify detected components and dependencies, or manually provide their details: name, version, license, optional URL, PURL, and usage (file, snippet, or prerequisite). To access all actions, click the component. If needed, you can restore it to its original state to correct the identification.
You can mark components as Original, but there is no option to ignore components, as this would conflict with the principles of an SBOM.
After finishing the identification process, you can review it in the Identified components tab.
Go to the Identified view in the Reports tab for a final project review (compare it with the Detected view if needed), then click Export to select your SBOM format. After selecting your preferred format and specifying the export path, the SBOM will be downloaded to that location.