File Uploads
Upload files directly for SBOM generation
Upload files directly to Safeguard for SBOM generation. This is useful when you have files that aren't stored in a connected repository or registry.
Supported Upload Types
| Upload Type | Description |
|---|---|
| CSAF/VEX | Upload CSAF or VEX files for vulnerability analysis |
| APK | Upload Android APK files for scanning |
| Manifest File | Upload package manifest files (package.json, requirements.txt, etc.) |
General Upload Workflow
- Navigate to Integrations from the sidebar
- Filter by Upload to see upload options
- Click Connect on the upload type
- Drag and drop or browse to select your file
- Configure project settings
- Click Upload to begin scanning
Supported File Formats
Package Manifests
| Ecosystem | File |
|---|---|
| Node.js/npm | package.json, package-lock.json, yarn.lock |
| Python | requirements.txt, Pipfile, Pipfile.lock, pyproject.toml |
| Java/Maven | pom.xml |
| Java/Gradle | build.gradle, build.gradle.kts |
| .NET | *.csproj, packages.config, *.deps.json |
| Ruby | Gemfile, Gemfile.lock |
| PHP | composer.json, composer.lock |
| Go | go.mod, go.sum |
| Rust | Cargo.toml, Cargo.lock |
Security Documents
| Format | Description |
|---|---|
| CSAF | Common Security Advisory Framework files |
| VEX | Vulnerability Exploitability eXchange documents |
| SBOM | CycloneDX or SPDX format SBOMs |
Binary Files
| Type | Extension |
|---|---|
| Android | .apk |
Best Practices
- Keep manifests updated - Upload the latest versions of your manifest files
- Include lock files - Lock files provide more precise dependency information
- Upload complete sets - Include both manifest and lock file when available
- Regular rescans - Re-upload files periodically to catch new vulnerabilities
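A pre-upload check for the "include lock files" and "upload complete sets" practices, added here as an example and not part of Safeguard: it walks a source tree, groups each manifest with the lock files beside it, and reports manifests that would be uploaded alone. The manifest-to-lock pairing, the skipped directory names, and the sample layout are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

# Manifest -> lock files that belong with it, using file names from the
# "Package Manifests" table. The pairing is this example's assumption.
LOCK_COMPANIONS = {
    "package.json": ("package-lock.json", "yarn.lock"),
    "Pipfile": ("Pipfile.lock",),
    "Gemfile": ("Gemfile.lock",),
    "composer.json": ("composer.lock",),
    "go.mod": ("go.sum",),
    "Cargo.toml": ("Cargo.lock",),
}
# Directories holding third-party copies, not your own projects (assumed list).
SKIP_DIRS = {".git", "node_modules", "vendor"}


def plan_uploads(root):
    """Return (upload_sets, missing_locks), paths relative to root."""
    root = Path(root)
    upload_sets, missing_locks = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place and fix the traversal order.
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        rel = Path(dirpath).relative_to(root)
        for manifest, locks in sorted(LOCK_COMPANIONS.items()):
            if manifest not in filenames:
                continue
            found = [name for name in locks if name in filenames]
            upload_sets.append([(rel / n).as_posix() for n in (manifest, *found)])
            if not found:
                # This manifest would be uploaded without a lock file.
                missing_locks.append((rel / manifest).as_posix())
    return upload_sets, missing_locks


def build_sample_tree(root):
    """Create a constructed project layout (empty files) for the demo."""
    for path in ("web/package.json", "web/yarn.lock", "svc/go.mod", "svc/go.sum",
                 "api/Cargo.toml", "web/node_modules/dep/package.json"):
        target = Path(root, path)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(plan_uploads(tmp))
```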
Next Steps
Choose your upload type for detailed instructions: