TechnoSoluce™ SBOM Analyzer - User Guide

Complete guide to using the SBOM analysis platform

Getting Started

Upload Your SBOM

The first step in analyzing your Software Bill of Materials is to upload your SBOM file to the platform.

Supported SBOM Formats

CycloneDX JSON Example:

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "version": 1,
  "metadata": {
    "timestamp": "2024-01-15T10:30:00Z",
    "tools": [
      {
        "vendor": "CycloneDX",
        "name": "cyclonedx-maven-plugin",
        "version": "2.7.8"
      }
    ],
    "component": {
      "type": "application",
      "name": "my-application",
      "version": "1.0.0"
    }
  },
  "components": [
    {
      "type": "library",
      "name": "lodash",
      "version": "4.17.21",
      "purl": "pkg:npm/lodash@4.17.21",
      "licenses": [
        {
          "license": {
            "id": "MIT"
          }
        }
      ]
    }
  ]
}

SPDX JSON Example:

{
  "spdxVersion": "SPDX-2.3",
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "my-application-1.0.0",
  "documentNamespace": "https://example.com/spdx/my-application-1.0.0",
  "creationInfo": {
    "created": "2024-01-15T10:30:00Z",
    "creators": ["Tool: cyclonedx-maven-plugin-2.7.8"]
  },
  "packages": [
    {
      "SPDXID": "SPDXRef-Package-lodash",
      "name": "lodash",
      "versionInfo": "4.17.21",
      "downloadLocation": "NOASSERTION",
      "licenseConcluded": "MIT",
      "licenseDeclared": "MIT"
    }
  ]
}

Upload Process

  1. Prepare Your SBOM File
    • Ensure your SBOM is in CycloneDX JSON or SPDX JSON format
    • Files up to 100MB are supported
    • Most SBOM generation tools support these formats
  2. Upload to Dashboard
    • Drag and drop your file onto the upload area or click to browse
    • The platform will validate the file format automatically
  3. Enable Real-Time Analysis
    • Toggle "Use Real Analysis" to enable live vulnerability scanning
    • This queries the OSV.dev vulnerability database for current threat intelligence
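As an added illustration (not code from the TechnoSoluce platform itself), the following Python script performs the format check that the upload step describes, flattens either format into a common component list, and builds the request body that a real-time scan would send to the OSV.dev batch query endpoint. It assumes the public POST /v1/querybatch request shape (queries keyed by purl) and uses constructed minimal SBOMs mirroring the two examples above; nothing is sent over the network.

```python
import json
from typing import Dict, List, Tuple
MAX_UPLOAD_BYTES = 100 * 1024 * 1024  # the 100MB upload limit stated in the guide

def detect_format(doc: dict) -> str:
    """Classify a parsed SBOM as 'cyclonedx' or 'spdx' by its signature fields."""
    if doc.get("bomFormat") == "CycloneDX" and "specVersion" in doc:
        return "cyclonedx"
    if str(doc.get("spdxVersion", "")).startswith("SPDX-") and doc.get("SPDXID") == "SPDXRef-DOCUMENT":
        return "spdx"
    raise ValueError("not a CycloneDX JSON or SPDX JSON document")

def load_sbom(raw: bytes) -> dict:
    """Mirror the upload check: enforce the size limit, require JSON, recognise the format."""
    if len(raw) > MAX_UPLOAD_BYTES:
        raise ValueError("file exceeds the 100MB upload limit")
    doc = json.loads(raw)
    detect_format(doc)  # raises ValueError if neither format is recognised
    return doc

def normalize_components(doc: dict) -> List[Dict[str, str]]:
    """Flatten either format into {name, version, purl} records."""
    if detect_format(doc) == "cyclonedx":
        return [{"name": c["name"], "version": c.get("version", ""), "purl": c.get("purl", "")}
                for c in doc.get("components", [])]
    rows = []
    for p in doc.get("packages", []):
        # SPDX carries a purl only as an externalRef with referenceType "purl"
        purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), "")
        rows.append({"name": p["name"], "version": p.get("versionInfo", ""), "purl": purl})
    return rows

def build_osv_batch_query(components: List[Dict[str, str]]) -> Tuple[dict, List[str]]:
    """Body for POST https://api.osv.dev/v1/querybatch, plus names of purl-less components skipped."""
    queries, skipped = [], []
    for c in components:
        if c["purl"]:
            queries.append({"package": {"purl": c["purl"]}})  # the purl carries the version
        else:
            skipped.append(c["name"])  # no purl: cannot be matched precisely without an ecosystem
    return {"queries": queries}, skipped

CDX = b'{"bomFormat":"CycloneDX","specVersion":"1.4","components":[{"type":"library","name":"lodash","version":"4.17.21","purl":"pkg:npm/lodash@4.17.21"}]}'  # constructed, mirrors the guide's CycloneDX example
SPDX = b'{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","packages":[{"SPDXID":"SPDXRef-Package-lodash","name":"lodash","versionInfo":"4.17.21","downloadLocation":"NOASSERTION"}]}'  # constructed, mirrors the guide's SPDX example

if __name__ == "__main__":
    for raw in (CDX, SPDX):
        body, skipped = build_osv_batch_query(normalize_components(load_sbom(raw)))
        print(json.dumps(body), "unqueryable (no purl):", skipped)
```

Note that the SPDX example above carries no purl, so its lodash package is reported as unqueryable; adding a purl externalRef to each SPDX package is what makes precise OSV matching possible.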

Understanding Results

After analysis completes, you'll see comprehensive results across multiple views. Here's how to interpret each section:

Vulnerabilities View

  • Critical vulnerabilities requiring immediate attention
  • CVSS scores and severity classifications
  • Remediation guidance and patch availability

Components View

  • Complete inventory of all software components
  • License information and compliance status
  • Version details and dependency relationships

Security Analysis

  • Risk scoring and business impact assessment
  • Vulnerability trends and patterns
  • Security recommendations and priorities

Compliance View

  • NTIA EO 14028 framework mapping
  • NIST Cybersecurity Framework alignment
  • ISO 27001:2022 control references

Generating Reports

Create professional reports tailored for different stakeholders:

Executive Summary

  • Description: High-level overview for C-suite and board members
  • Sections: Executive Summary, Key Findings, Business Impact, Strategic Recommendations
  • Time: 2-3 minutes
  • Complexity: Basic

Compliance Report

  • Description: Regulatory compliance analysis and gap assessment
  • Sections: NTIA Compliance, NIST Framework, ISO 27001, Compliance Gaps
  • Time: 3-5 minutes
  • Complexity: Intermediate

Technical Analysis

  • Description: Detailed technical findings and component analysis
  • Sections: Component Analysis, Vulnerability Details, Risk Assessment, Remediation Guidance
  • Time: 4-6 minutes
  • Complexity: Advanced

Comprehensive Report

  • Description: Complete analysis with all sections included
  • Sections: All Sections, Executive Summary, Technical Details, Compliance Analysis
  • Time: 5-8 minutes
  • Complexity: Advanced

Export Formats

  • PDF - Professional reports for stakeholders
  • CSV - Data analysis and integration
  • JSON - Programmatic use and API integration
  • HTML - Web-based viewing and sharing

Batch Analysis

Analyze multiple SBOM files simultaneously for comprehensive portfolio assessment:

  1. Access Batch Analysis

    Navigate to the "Batch Analysis" section from the main navigation menu

  2. Upload Multiple Files

    Select multiple SBOM files (up to 10 files) using the batch upload interface

  3. Configure Analysis Settings

    Set analysis parameters, compliance frameworks, and risk thresholds for all files

  4. Monitor Progress

    Track analysis progress across all files with real-time status updates

  5. Compare Results

    Generate comparative reports and identify patterns across your software portfolio

Best Practices

Follow these recommendations to get the most value from your SBOM analysis:

SBOM Preparation

  • Use up-to-date SBOM generation tools for accurate component inventories
  • Include all dependencies, including transitive dependencies
  • Verify SBOM format compliance before upload
  • Regularly regenerate SBOMs to capture dependency updates

Security Analysis

  • Enable real-time analysis for current vulnerability data
  • Prioritize critical and high-severity vulnerabilities
  • Review false positives and validate findings
  • Track remediation progress and verify fixes

Reporting & Documentation

  • Generate reports regularly for compliance audits
  • Customize reports for different stakeholder audiences
  • Maintain analysis history for trend tracking
  • Export data for integration with other security tools

Team Collaboration

  • Share reports with security and development teams
  • Establish clear remediation responsibilities
  • Integrate SBOM analysis into CI/CD pipelines
  • Train team members on SBOM interpretation

Troubleshooting

File Upload Issues

Problem: File upload fails

Solutions:

  • Ensure the file is in JSON format
  • Check that the file size is under 100MB
  • Verify SBOM format compliance

Analysis Problems

Problem: Analysis doesn't complete

Solutions:

  • Enable the real-time analysis toggle
  • Check internet connection
  • Wait for API rate limits to reset

Report Generation

Problem: Reports fail to generate

Solutions:

  • Complete analysis before generating reports
  • Select appropriate report template
  • Check browser popup blockers

Support & Resources

Documentation

  • Quick Start Guide - 5-minute getting started tutorial
  • User Guide - Comprehensive feature documentation
  • Technical Documentation - API references and integration guides
  • FAQ - Common questions and answers

Contact Information

  • Enterprise Sales: Contact ERMITS LLC for enterprise licensing
  • Technical Support: Available through project documentation and community forums
  • Professional Services: Contact ERMITS LLC for custom implementation services
  • Website: www.ermits.com

This user guide is part of the TechnoSoluce™ SBOM Analyzer platform by ERMITS LLC. For the most up-to-date information, please refer to the in-app documentation.