SBOM Manager - Frequently Asked Questions

  1. I have a Complete Insight Highlight subscription. Is there any limit to the number of SBOMs that I can create and work on?

    The number of SBOMs that can be created and modified depends upon the number of applications for which the subscription is taken.
  2. I have a Highlight subscription, but SBOM Manager is not available for me. How can I get access to the SBOM Manager?

    CAST SBOM Manager is accessible for free to anyone, but it is limited to 25 SBOMs and a year.

    - https://www.castsoftware.com/sbommanager

  3. Can I use the SBOM Manager to determine the metrics of an application which I intend to migrate to the cloud?

    SBOM Manager is intended only to generate and modify Software Bills of Materials (SBOMs) after the Software Composition Analysis (SCA) of your application.

    It is not intended to be used for Cloud Migration or Software Health analysis.

  4. SBOM Manager has detected a component that we use as having a critical vulnerability. We have decided to re-engineer our application.

    How can we calculate the Technical Debt involved?

    SBOM Manager does not provide this functionality. However, you can check a range of our products which can be used to determine the Technical Debt and more at https://www.castsoftware.com/

  5. I have a Mac. Can I download SBOM Manager to my system?

    No. Currently, SBOM Manager is available only for Windows and Linux.

  6. I got the message “Scan finished! Creation of new Bill of Materials for Application XXX Version 0.0.0 has failed.”

    Where can I find the logs to determine the cause?

    C:\Users\{user}\.scar\log

  7. I would like to create a new license policy before I generate the first SBOM for my portfolio. Is it possible?

    Yes.

  8. For the source code, I can see that there is an option to select CAST Highlight CSV archive. What is CAST Highlight CSV archive?

    CAST Highlight CSV archive and CycloneDX SBOM are the outputs of CAST Highlight's Code Reader. Either a CAST Highlight CSV archive or a CycloneDX SBOM can be used as input for SBOM Manager. To learn more about the functionalities of the Code Reader, please check https://doc.casthighlight.com/

  9. For the scanners, what does “Use previous versions” mean? Does it mean the set or order of scanners selected for the previous version of SBOM?

    “Use previous versions” loads the scan settings (folder exclusions, scanner parameters, etc.) from the previous SBOM version you created.

  10. Why is the “Filtered Result” selection the best option for the scanners?

    Selecting “Filtered Result” will help to avoid false positives in the results.

  11. In the Dashboard, under “Files by Source”, SCA is shown as a source along with local, catalogue, etc. What does it imply?

    It means that scanned files are identified as being OSS (SCA) and/or already present in your local catalog (i.e., components you refined/created and added in your local catalog).

  12. In the SBOM under the "Components" tab there is a "topics" column. What does it represent?

    Topics are the tags found in the crawled repository of the forges SBOM Manager supports (e.g. NPM, GitHub...).

  13. In the "File" tab of the SBOM, there is a column named "size". What is it?

    File size measured in bytes.
