dmd import sbom
Import an SBOM
Usage
sbom '/path/to/sbom.json' --platform github --organisation jamietanna --repo jamietanna
Examples
# taking an SBOM that was produced from the GitHub repo https://github.com/jamietanna/jamietanna
dmd import sbom --db dmd.db '/path/to/sbom.json' --platform github --organisation jamietanna --repo jamietanna
# taking an SBOM that was produced from the GitLab repo https://gitlab.com/tanna.dev/dependency-management-data
dmd import sbom --db dmd.db '/path/to/sbom.json' --platform gitlab --organisation tanna.dev --repo dependency-management-data
# taking an SBOM that was produced in some unknown place, auto-detecting the `component_name` field and leaving the Repo Key unset
dmd import sbom --db dmd.db '/path/to/sbom.json'
# taking an SBOM that was produced in some unknown place, overriding the `component_name` field and leaving the Repo Key unset
dmd import sbom --db dmd.db '/path/to/sbom.json' --component-name docker.io/library/alpine:3.19
# taking an SBOM that was produced by a vendor
dmd import sbom --db dmd.db '/path/to/sbom.json' --vendor ExampleCorp --product 'Web Server' --product-version 5.0.0
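An added example, not part of the dmd documentation or code base: a pre-import check that reads the component name an SBOM declares and builds the matching command from the examples above, adding --component-name only when the SBOM declares none. The fields inspected (CycloneDX `metadata.component.name`, SPDX document `name`) and the helper names are assumptions for illustration, not dmd's own detection logic; the sample SBOMs are constructed.

```python
import json
import shlex

# Constructed sample documents, trimmed to the fields this check reads.
CYCLONEDX_SAMPLE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"type": "application", "name": "example-service"}},
 "components": []}
""")
SPDX_NAMELESS_SAMPLE = json.loads("""
{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "", "packages": []}
""")


def declared_component(sbom):
    """Return (format, name) for what the SBOM says it describes; name is None if absent."""
    if sbom.get("bomFormat") == "CycloneDX":
        component = (sbom.get("metadata") or {}).get("component") or {}
        return "CycloneDX", component.get("name") or None
    if "spdxVersion" in sbom:
        return "SPDX", sbom.get("name") or None
    return "unknown", None


def import_command(sbom_path, sbom, db="dmd.db", fallback_name=None):
    """Build the `dmd import sbom` call, overriding the name only when none is declared."""
    fmt, name = declared_component(sbom)
    argv = ["dmd", "import", "sbom", "--db", db, sbom_path]
    if name is None:
        if fallback_name is None:
            raise ValueError(f"{fmt} SBOM declares no component name; supply fallback_name")
        argv += ["--component-name", fallback_name]
    return shlex.join(argv)


if __name__ == "__main__":
    print(import_command("/path/to/sbom.json", CYCLONEDX_SAMPLE))
    print(import_command("/path/to/sbom.json", SPDX_NAMELESS_SAMPLE,
                         fallback_name="docker.io/library/alpine:3.19"))
```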
Synopsis
Imports a Software Bill of Materials (SBOM).
Options
Flag (type) | Usage | Notes |
---|---|---|
--component-name (string) | The Component name that should be used, instead of being detected from the SBOM metadata | |
-h, --help | help for sbom | |
--no-progress | prevent displaying progress of long-running tasks | |
--organisation (tanna.dev) | The organisation that hosts the repository that this given SBOM has been generated for, for instance tanna.dev, `gitlab-org/sbom` | |
--platform (github) | The platform that hosts the repository that this given SBOM has been generated for, for instance github, `gitlab` | |
--product (string) | The product that this SBOM is for | |
--product-version (string) | The version of the given product that this SBOM is for | |
--repo (string) | The repository that this given SBOM has been generated for | |
--vendor (string) | The vendor that produces the software this SBOM is for | |
Options inherited from parent commands
Flag (type) | Usage | Notes |
---|---|---|
--db (string) | the path to the input/output database | |
--debug | whether to enable debug logging | |
Related
- dmd import: Import raw data exports into a given database