Skip to main content
SBOMs from vendors describe the components, licenses, and related metadata inside software you procure. Import them into Endor Labs so you can store, search, and analyze that composition next to the applications your organization builds. Endor Labs’ SBOM Hub is a central location to store, search, and monitor SBOMs from vendors. When you import a file, Endor Labs ingests, parses, and analyzes it and keeps versions so you can see how vendor composition changes over time. For SBOM program design and day-to-day operations, see Key questions for your SBOM program. You can use finding policies to identify vulnerabilities, unmaintained open source software, license risks, and outdated dependencies in the SBOMs provided to you by your third-party software vendors.

Import an SBOM to Endor Labs

Import your project’s SBOM into the Endor Labs application to discover vulnerabilities and view findings. You can use the following methods to import SBOMs:

Import SBOMs through the Endor Labs UI

To import SBOMs through the Endor Labs UI and view vulnerability and dependency insights:
  1. Select SBOM Hub from the left sidebar.
  2. Select Import SBOM in the top right-hand corner.
  3. Choose Upload File and select the type of SBOM you would like to upload, either in XML or json format.
  4. Select Browse to upload your SBOM from your workstation or drag the SBOM into the Endor Labs user interface.
Once you have imported your SBOM to Endor Labs, Endor Labs will schedule a scan in the background for the SBOM within the next few hours.

Import SBOMs through the Endor Labs CLI

Import an SBOM using the CLI to trigger an instant scan and immediately view vulnerabilities and dependency insights with the following command: 
endorctl sbom import --sbom-file-path=/path/to/your/sbom.json
See the SBOM import command for endorctl for more information.

Manage SBOMs

You can manage SBOMs by deleting unwanted files and editing tags for consistent search and filtering.

Delete an SBOM

  1. Select SBOM Hub from the left sidebar.
  2. Select one or more SBOMs to remove.
  3. Select the vertical three dots on the row, then select Delete SBOM.

Edit tags for an SBOM

Tags are keywords you attach to SBOMs to group and filter them, for example, by vendor or data classification. Tags can have a maximum of 63 characters and can contain letters A-Z, numbers (0-9), or any of (=@_.-) special characters. To edit tags for SBOMs:
  1. Select SBOM Hub from the left sidebar.
  2. Select one or more SBOMs.
  3. Click Edit Tags in the top right-hand corner.
  4. Add, change, or remove tags, then save.

Tagging strategies for SBOMs

To improve your team’s ability to search and manage SBOMs, you can tag them as they are received. Tagging SBOMs helps your team understand the applications, vendors, and their importance to your business.