Find & Review SBOMs
Search, discover, and review SBOMs in the Portal marketplace
The Find & Review feature in Portal allows you to discover, search, and analyze SBOMs from your suppliers, partners, and the broader community.
Overview
Find & Review helps you:
- Discover supplier SBOMs
- Search by product, component, or vulnerability
- Review SBOM quality and completeness
- Compare product versions
- Make informed procurement decisions
Searching for SBOMs
Basic Search
- Navigate to Portal → Find SBOMs
- Enter search terms in the search bar
- Press Enter or click Search
Search Fields
| Field | Description | Example |
|---|---|---|
| Product Name | Search by product | "Database Server" |
| SKU | Search by product ID | "PROD-2024-001" |
| Supplier | Search by vendor | "Acme Corp" |
| Component | Search by dependency | "log4j" |
| Version | Search by version | "2.0.0" |
Advanced Search
Click Advanced for more options:
| Filter | Description |
|---|---|
| Date Range | SBOMs updated within period |
| Format | CycloneDX, SPDX |
| Compliance | EO 14028 compliant only |
| Severity | Exclude high-severity vulnerabilities |
Search Syntax
Use operators for precise searches:
```
# Exact phrase
"apache tomcat"
# Component search
component:log4j
# Supplier search
supplier:"Acme Corp"
# Version range
version:>=2.0.0
# Exclude term
database -mysql
# Combine filters
supplier:"Acme" AND component:spring
```
Search Results
Results List
Search results display:
| Column | Description |
|---|---|
| Product | Product name and logo |
| Supplier | Vendor organization |
| Version | Latest version available |
| Updated | Last SBOM update date |
| Compliance | Compliance status |
| Components | Number of components |
Sorting Options
Sort results by:
- Relevance (default)
- Product name
- Supplier name
- Update date
- Component count
Filtering Results
Narrow results using filters:
- Category - Product category
- Supplier - Specific vendors
- Access - Public / My SBOMs / Shared with me
- Compliance - Compliance status
Reviewing SBOMs
SBOM Overview
Click a result to view details:
| Section | Contents |
|---|---|
| Summary | Product info, supplier, version |
| Compliance | EO 14028 status, NTIA elements |
| Components | Total count, breakdown by type |
| Vulnerabilities | Known vulnerabilities summary |
| Licenses | License distribution |
Detailed Analysis
View in-depth SBOM analysis:
Components Tab
- Full component list
- Version information
- Package URLs (PURLs)
- Supplier data
Vulnerabilities Tab
- CVE list with severity
- CVSS scores
- Fix availability
- Exploitation status
Licenses Tab
- License types
- Compatibility analysis
- Attribution requirements
Quality Tab
- SBOM completeness score
- Missing fields
- Data quality issues
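The missing-field check can also be run independently on a CycloneDX JSON export before relying on a supplier's SBOM. The Python below is an added example, not Portal's own scoring: it tests each component for the NTIA minimum-element fields (supplier, version, unique identifier, dependency relationship) plus document timestamp and author, and the sample SBOM, function names and pass-ratio score are assumptions made for illustration.

```python
import json

# Constructed CycloneDX JSON export (sample data, not a real supplier SBOM).
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
 "metadata": {"timestamp": "2024-03-01T12:00:00Z",
              "authors": [{"name": "Example Build Team"}]},
 "components": [
  {"bom-ref": "a", "type": "library", "name": "log4j-core", "version": "2.17.1",
   "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1",
   "supplier": {"name": "Apache Software Foundation"}},
  {"bom-ref": "b", "type": "library", "name": "internal-utils", "version": "1.0.0"},
  {"bom-ref": "c", "type": "library", "name": "legacy-parser",
   "purl": "pkg:generic/legacy-parser"}],
 "dependencies": [{"ref": "a", "dependsOn": []}]}
""")

def missing_fields(component, refs_with_deps):
    """Return the minimum-element fields absent from one component."""
    missing = []
    if not (component.get("supplier") or {}).get("name"):
        missing.append("supplier")
    if not component.get("version"):
        missing.append("version")
    if not (component.get("purl") or component.get("cpe")):
        missing.append("unique-id")
    if component.get("bom-ref") not in refs_with_deps:
        missing.append("dependency-relationship")
    return missing

def review(sbom):
    """Return (document-level gaps, {component: missing fields}, score 0-100)."""
    meta = sbom.get("metadata", {})
    # Assumption: either metadata.authors or metadata.tools counts as the SBOM author.
    doc_gaps = [field for field, value in (
        ("timestamp", meta.get("timestamp")),
        ("author", meta.get("authors") or meta.get("tools"))) if not value]
    refs = {d.get("ref") for d in sbom.get("dependencies", [])}
    per_component, checks, passed = {}, 0, 0
    for c in sbom.get("components", []):
        gaps = missing_fields(c, refs)
        checks += 4
        passed += 4 - len(gaps)
        if gaps:
            per_component[c.get("name", "<unnamed>")] = gaps
    # Simple pass ratio; this is not how Portal computes its completeness score.
    score = round(100 * passed / checks) if checks else 0
    return doc_gaps, per_component, score
```

A component that carries a PURL but no version, like `legacy-parser` in the sample, cannot be matched reliably against vulnerability data, so it is worth raising with the supplier even when the overall score looks acceptable.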
Comparing SBOMs
Version Comparison
Compare different versions of the same product:
- Open product SBOM
- Click Compare Versions
- Select versions to compare
- View differences
Comparison View
| Comparison | Shows |
|---|---|
| Added Components | New dependencies |
| Removed Components | Dropped dependencies |
| Version Changes | Updated components |
| New Vulnerabilities | Newly introduced CVEs |
| Fixed Vulnerabilities | Resolved CVEs |
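The five comparison categories can be reproduced offline from two CycloneDX JSON exports of the same product. The Python below is an added example, not Portal's implementation: the sample data is constructed, the `CVE-0000-…` identifiers are placeholders, and the function names are hypothetical.

```python
# Constructed sample data: two versions of one product (not real supplier SBOMs).
def _component(coords, version):
    """Build one CycloneDX-style component entry for the sample data."""
    return {"name": coords.split("/")[-1], "version": version,
            "purl": f"pkg:maven/{coords}@{version}"}

OLD_SBOM = {
    "components": [_component("org.apache.logging.log4j/log4j-core", "2.14.1"),
                   _component("org.springframework/spring-core", "5.3.20"),
                   _component("commons-io/commons-io", "2.11.0")],
    "vulnerabilities": [{"id": "CVE-0000-0001"}],  # placeholder id
}
NEW_SBOM = {
    "components": [_component("org.apache.logging.log4j/log4j-core", "2.17.1"),
                   _component("org.springframework/spring-core", "5.3.20"),
                   _component("com.fasterxml.jackson.core/jackson-databind", "2.15.2")],
    "vulnerabilities": [{"id": "CVE-0000-0002"}],  # placeholder id
}

def identity(component):
    """Version-independent key: the PURL without @version/qualifiers, else the name."""
    purl = component.get("purl", "").split("#")[0].split("?")[0]
    head, sep, tail = purl.rpartition("@")
    # A "/" after the last "@" means the "@" belongs to a namespace, not a version.
    if sep and "/" not in tail:
        purl = head
    return purl or component.get("name", "")

def compare(old_sbom, new_sbom):
    """Return the five comparison categories for two CycloneDX documents."""
    old = {identity(c): c.get("version") for c in old_sbom.get("components", [])}
    new = {identity(c): c.get("version") for c in new_sbom.get("components", [])}
    old_cves = {v["id"] for v in old_sbom.get("vulnerabilities", []) if "id" in v}
    new_cves = {v["id"] for v in new_sbom.get("vulnerabilities", []) if "id" in v}
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "version_changes": {k: (old[k], new[k])
                            for k in sorted(old.keys() & new.keys()) if old[k] != new[k]},
        "new_vulnerabilities": sorted(new_cves - old_cves),
        # "Fixed" here means only that the id is no longer listed in the newer SBOM.
        "fixed_vulnerabilities": sorted(old_cves - new_cves),
    }

if __name__ == "__main__":
    print(compare(OLD_SBOM, NEW_SBOM))
```

Keying on the PURL without its version is what lets an upgrade show up as a version change instead of one removal plus one addition.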
Product Comparison
Compare different products:
- Select multiple products
- Click Compare Products
- View side-by-side analysis
Requesting Access
Request Private SBOMs
For SBOMs not publicly available:
- Find the product
- Click Request Access
- Provide justification
- Submit request
Request Status
Track request status:
| Status | Meaning |
|---|---|
| Pending | Awaiting supplier response |
| Approved | Access granted |
| Denied | Request rejected |
| Expired | Access period ended |
Adding to My SBOMs
Save for Later
Add SBOMs to your collection:
- Find SBOM
- Click Add to My SBOMs
- Select destination folder
- Confirm
Organizing Saved SBOMs
Create folders to organize:
- Go to My SBOMs
- Click + New Folder
- Name the folder
- Drag SBOMs to organize
Subscribing to Updates
Enable Notifications
Subscribe to SBOM updates:
- Open product SBOM
- Click Subscribe
- Choose notification preferences:
  - New versions
  - Vulnerability updates
  - Compliance changes
Managing Subscriptions
View and manage subscriptions:
- Go to Settings → Subscriptions
- View all subscriptions
- Modify or cancel as needed
Exporting SBOMs
Download Options
Download SBOMs in various formats:
| Format | Description |
|---|---|
| Original | As provided by supplier |
| CycloneDX JSON | Converted if needed |
| SPDX JSON | Converted if needed |
| CSV | Component list |
| PDF Report | Formatted report |
Bulk Export
Export multiple SBOMs:
- Select SBOMs
- Click Export Selected
- Choose format
- Download archive
Integration with TPRM
Link discovered SBOMs to vendor assessments:
- Find vendor SBOM
- Click Link to TPRM
- Select or create vendor profile
- Associate SBOM
See Third Party Risk Manager for more.
API Access
```bash
# Search SBOMs
curl -X GET "https://api.safeguard.sh/v1/portal/search?q=apache" \
  -H "Authorization: Bearer $API_KEY"
# Get SBOM details ({id} is a placeholder for the SBOM identifier)
curl -X GET "https://api.safeguard.sh/v1/portal/sboms/{id}" \
  -H "Authorization: Bearer $API_KEY"
# Request access (the body is JSON, so declare the content type)
curl -X POST "https://api.safeguard.sh/v1/portal/sboms/{id}/request-access" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"justification": "Vendor evaluation"}'
```
Best Practices
Searching
- Use specific terms for precise results
- Combine filters for targeted searches
- Save common searches
- Subscribe to important suppliers
Reviewing
- Check compliance status first
- Review vulnerability summary
- Verify component completeness
- Compare with previous versions
Organization
- Create logical folder structure
- Tag important SBOMs
- Review subscriptions regularly
- Archive outdated SBOMs