Distribute SBOMs to relevant stakeholders
SBOM (Software Bill of Materials) distribution is the process of sharing or delivering an SBOM to relevant stakeholders. It is essential for enhancing software security, transparency, and compliance across the supply chain. By sharing an SBOM, organizations enable stakeholders to identify vulnerabilities, manage risks, and respond swiftly to security threats. It fosters trust and accountability by providing visibility into software components, dependencies, and origins, ensuring compliance with regulatory mandates like the U.S. Executive Order 14028. Additionally, distributing SBOMs facilitates collaboration within development and security teams, supports audits, and helps customers assess software reliability. Ultimately, it demonstrates a proactive commitment to software integrity and positions organizations as transparent and security-conscious partners.
Registry
A "Registry" is a collection of SBOMs for your selected software, containing the historical SBOMs of different software versions along with their analysis results. A registry can be shared through URLs, emails, or other means. Subscribers can not only download SBOMs from the registry but also view associated threat analysis results.
Create a Registry
When you create a registry, you will be asked to select an SBOM stream from your different asset groups. An SBOM stream represents a specific code branch or software. The selected stream will be added to the registry, and any changes to the SBOM stream, such as code commits, will be automatically recorded in the registry. Below is an example of a registry.
What can Registry do?
Share via URL
If 'Share by URL' is enabled when you create a registry, you will receive a URL that anyone can use to access your shared registry. Users with this URL can download SBOMs and view analysis results, the update history, and more.
Share via email
Subscribers of a specific registry can receive email notifications when critical vulnerabilities are discovered in the software associated with this registry.
Share via webhook