Create an SBOM for your software

An SBOM (Software Bill of Materials) is a detailed inventory of the components, libraries, and dependencies that make up your software. DeepAsset generates one from a scan, giving you the transparency needed for vulnerability tracking, license compliance, and supply-chain risk assessment: every element of the software is identified and documented so it can be managed and checked against known issues.

Create an SBOM for a single software project


On the Scan Results page, click the "Download" button. A ZIP file containing the SBOM and its signature will be downloaded.



SBOM Zip

This ZIP file contains two files related to the Software Bill of Materials (SBOM) for your project:

  1. CycloneDX JSON File: Named [name].CycloneDX.json, this file lists the components and dependencies found in your software project in the CycloneDX format.
  2. Signature File: Named CycloneDX.signature.txt, this file is a detached signature over the JSON file, used to verify that the SBOM was produced by Deepbits and has not been modified since. (The verification command below refers to this file as CycloneDX.signature.bin; use the name that actually appears in your ZIP.)

Verifying the SBOM with the Signature File

To ensure the integrity and authenticity of the SBOM using the provided signature file, follow these steps:

  1. Unzip the File: Extract the downloaded ZIP file to access its contents.

  2. Navigate to the Directory: Open a terminal or command prompt and navigate to the directory containing the extracted files.

  3. Run the Verification Command: Execute the following command:

    openssl x509 -pubkey -noout -in deepbits.cert | openssl dgst -verify /dev/stdin -keyform PEM -sha256 -signature CycloneDX.signature.bin -binary [name].CycloneDX.json
    

    Note: Replace [name] with the actual name of your downloaded files. The command expects three files in the current directory: the SBOM JSON, the signature file, and deepbits.cert, the Deepbits signing certificate. The certificate is not among the ZIP contents listed above, so place a copy of it in the same directory before running the command.

    The first openssl call extracts the public key from the certificate; the second recomputes the SHA-256 digest of the JSON file and checks the signature against that key. On success openssl prints "Verified OK" and exits with status 0. If the JSON has been altered by even one byte, or the signature was produced with a different key, it prints "Verification Failure" and exits non-zero.

By following these steps, you can confirm that the SBOM is exactly the file Deepbits signed. The check is only as strong as your trust in deepbits.cert: anyone who can substitute the certificate can also substitute the signature, so obtain the certificate from Deepbits through a trusted channel and compare its fingerprint (openssl x509 -noout -fingerprint -sha256 -in deepbits.cert) with a value you received out of band, rather than trusting a copy that arrived alongside the SBOM.
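The following script is an added example, not Deepbits' own tooling: it automates the procedure above (locate the extracted files, extract the public key, verify the detached signature) and adds a certificate-pinning step so that a signature is only accepted if deepbits.cert matches a fingerprint you obtained out of band. It assumes the ZIP layout described on this page ([name].CycloneDX.json plus a CycloneDX.signature.bin or .txt file) and a PEM-encoded deepbits.cert; the demo at the bottom builds a throwaway key, self-signed certificate, minimal CycloneDX document and signature so that it runs offline, and none of those are real Deepbits artifacts.

```shell
#!/bin/sh
# Added example, not Deepbits tooling: script the verification procedure
# (locate the files, check the signature) and add a certificate-pinning step.
# Assumptions, all labelled: the ZIP layout described on this page
# ([name].CycloneDX.json plus CycloneDX.signature.bin or .txt), deepbits.cert
# in PEM form, and a SHA-256 certificate fingerprint obtained out of band.
# The demo at the bottom builds a throwaway key, certificate, SBOM and signature
# so the script runs offline; none of those are real Deepbits artifacts.
set -eu

# SHA-256 fingerprint of a PEM certificate as bare uppercase hex (no colons).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//; s/://g'
}

# verify_sbom <sbom.json> <signature> <cert.pem> <pinned_fingerprint>
# Returns 0 only if the certificate matches the pin AND the detached signature
# over SHA-256(sbom) verifies with the public key in that certificate.
verify_sbom() {
    sbom=$1; sig=$2; cert=$3; pin=$4
    # A signature that verifies against an attacker-supplied certificate proves
    # nothing, so check the certificate against the pin before trusting it.
    fp=$(cert_fingerprint "$cert")
    if [ "$fp" != "$pin" ]; then
        echo "certificate fingerprint mismatch: got $fp" >&2
        return 2
    fi
    # The page's command with the file names quoted: extract the public key,
    # then verify the signature. openssl exits non-zero on "Verification Failure".
    if openssl x509 -pubkey -noout -in "$cert" |
       openssl dgst -sha256 -verify /dev/stdin -signature "$sig" "$sbom" >/dev/null 2>&1; then
        return 0
    fi
    echo "signature verification FAILED for $sbom" >&2
    return 1
}

# verify_sbom_dir <extracted_zip_dir> <cert.pem> <pinned_fingerprint>
# Locates the SBOM and the signature (the page names it .txt in one place and
# .bin in another, so both are accepted) and runs verify_sbom on them.
verify_sbom_dir() {
    dir=$1; cert=$2; pin=$3
    sbom=$(ls "$dir"/*.CycloneDX.json 2>/dev/null | head -n 1)
    sig=""
    for cand in "$dir/CycloneDX.signature.bin" "$dir/CycloneDX.signature.txt"; do
        if [ -f "$cand" ]; then sig=$cand; break; fi
    done
    if [ -z "$sbom" ] || [ -z "$sig" ]; then
        echo "SBOM or signature file not found in $dir" >&2
        return 3
    fi
    verify_sbom "$sbom" "$sig" "$cert" "$pin"
}

# Constructed demo input: a throwaway signer standing in for Deepbits, a minimal
# CycloneDX document, and a detached signature over it. Prints the directory.
make_demo() {
    work=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-sbom-signer" \
        -keyout "$work/signer.key" -out "$work/deepbits.cert" >/dev/null 2>&1
    cat > "$work/demo.CycloneDX.json" <<'EOF'
{"bomFormat":"CycloneDX","specVersion":"1.5","version":1,
 "components":[{"type":"library","name":"zlib","version":"1.3.1"}]}
EOF
    openssl dgst -sha256 -sign "$work/signer.key" \
        -out "$work/CycloneDX.signature.bin" "$work/demo.CycloneDX.json"
    echo "$work"
}

# Stand-alone run: verify the demo SBOM, then show that a one-byte edit breaks it.
demo_dir=$(make_demo)
demo_pin=$(cert_fingerprint "$demo_dir/deepbits.cert")
verify_sbom_dir "$demo_dir" "$demo_dir/deepbits.cert" "$demo_pin" && echo "demo SBOM: Verified OK"
printf ' ' >> "$demo_dir/demo.CycloneDX.json"
verify_sbom_dir "$demo_dir" "$demo_dir/deepbits.cert" "$demo_pin" || echo "tampered SBOM: rejected (status $?)"
```

For a real download, point verify_sbom_dir at the directory you extracted the ZIP into, pass the path of the deepbits.cert you obtained from Deepbits, and pass the fingerprint you recorded for it; the pin check runs first, so a certificate that was swapped along with the SBOM and signature is rejected before any signature is examined.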