Exporting Project Inventory to SBOM Insights
SBOM Insights (a Revenera SCA product) gives organizations the ability to manage security and legal risk by maintaining a complete, accurate SBOM (Software Bill of Materials) in the cloud. SBOM Insights aggregates this SBOM over multiple sources and provides full visibility of its contents to security and legal teams, as well as to supply chain partners.
If Code Insight has been configured to perform SBOM Insights exports, Project Analysts can export inventory from a given Code Insight project to SBOM Insights. When the export process is finished, SBOM Insights automatically imports the exported data as “SBOM parts” to a specific SBOM bucket. (This bucket is assigned to the current project by the Code Insight Project Manager, as described in Assigning the Project to an SBOM Insights Bucket.) From this bucket, the parts are managed and aggregated with parts from other buckets (sources) to create a complete SBOM.
To access the SBOM Insights user help system, refer to Welcome to SBOM Insights. From here, you can access any part of the SBOM Insights user help.
Important: The option to export inventory to SBOM Insights is available only if the Code Insight System Administrator has configured Code Insight for this type of export. (If the option is available, it is displayed on the Manage Project menu on the project’s Summary tab.)
To export project inventory to SBOM Insights, do the following:
1. As a Project Analyst, navigate to the Summary tab for the project whose inventory you want to export to SBOM Insights (see Opening the Project Summary Tab).
2. From the Manage Project menu, select Export to SBOM Insights.
   Note: The Export to SBOM Insights menu option is disabled whenever a scan, rescan, Project Copy, or another SBOM Insights export job is in progress or scheduled for the current project. Once these jobs complete (check the Jobs queue), the Export to SBOM Insights menu option is re-enabled so that you can initiate the export process.
3. When prompted, select Yes to proceed with the export process.
   • If the export is successfully initiated, the message “Export to SBOM Insights bucket job is initiated with ID: x” (where x is the job ID) is displayed in the upper right of the screen.
   • If no SBOM Insights bucket has been specified for this project, an error message is displayed. Contact the Project Administrator for assistance.
4. To track the status of the export job, open the Jobs queue and locate the job ID. See Monitoring the Code Insight Jobs Queue for complete instructions on accessing and monitoring the Jobs queue.
Note the following about SBOM Insights export jobs in the queue:
• The job status changes to Complete only after the inventory data has been exported and SBOM Insights has imported this data to the specified bucket.
• If an invalid bucket has been specified for this project, the export job ends with a Failed status. Contact the Project Administrator for assistance.
• If an Electronic Update or Library Refresh is currently in progress, all subsequent Export to SBOM Insights jobs are placed in a Scheduled state. Once the update is finished, the export jobs are run based on the scheduled order.
• When other projects trigger Export to SBOM Insights jobs concurrently with your job, the first export job triggered is in the Active state. The remaining export jobs are placed in a Scheduled state and are run based on the scheduled order.