Uploading an SBOM file
Use one of the following methods to upload an SBOM file to Concert.
- Using the Concert toolkit, you can automate SBOM data ingestion as part of your CI/CD pipeline. This is the recommended approach as it helps ensure that your application and environment data stays up to date.
- The Concert API includes a data ingestion endpoint that you can use to upload SBOM files, scans, and other data types.
- Integrate directly with third-party tools and services by establishing a connection and creating an ingestion job. Each run updates your inventory with the latest component details (images, repositories, libraries, and so on) you can use to define your applications and environments.
- Upload SBOM files from the Concert UIAttention: Concert UI supports upload of files with size less than 2 MB. For files with size more than 2 MB use other options to upload..
Warning: When uploading an SBOM file with new data for an existing application, the
image
(name of the Docker image)
must be the same to avoid duplicate CVE entries. Only the digest
value should be
unique.