Third Party Risk Manager
SBOM Requests
Request and collect SBOMs from your software vendors
Streamline the process of requesting, collecting, and validating SBOMs from your third-party software vendors.
Creating Requests
Single Request
- Navigate to the vendor
- Click Request SBOM
- Select the product(s)
- Choose a request template
- Customize the message (optional)
- Set deadline
- Click Send
Bulk Requests
Request SBOMs from multiple vendors:
- Go to Vendors
- Select vendors to contact
- Click Bulk Request
- Configure request settings
- Review and send
Request Templates
Standard Template
The default request includes:
- SBOM format requirements (SPDX, CycloneDX)
- Required fields (EO 14028 compliance)
- Submission instructions
- Deadline information
Custom Templates
Create templates for specific needs:
- Go to Settings → Request Templates
- Click Create Template
- Customize content
- Save for reuse
Request Tracking
Monitor request status:
| Status | Description |
|---|---|
| Sent | Request delivered |
| Viewed | Recipient opened email |
| In Progress | Vendor acknowledged |
| Submitted | SBOM received |
| Validated | SBOM verified |
| Rejected | Submission rejected |
Automated Follow-ups
Configure automatic reminders:
- First reminder: 7 days before deadline
- Second reminder: At deadline
- Escalation: 7 days after deadline
Submission Portal
Vendors can submit via:
- Email attachment
- Secure upload portal
- API submission
- Direct integration
Validation
When an SBOM is received:
- Format validation (valid SPDX/CycloneDX)
- Completeness check (required fields)
- Compliance verification (EO 14028)
- Automatic vulnerability scan
- Notification to requestor
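
A minimal sketch of the format and completeness checks listed above, added here as an example and not the product's own validation logic. It assumes a CycloneDX JSON submission and reads "required fields" as the NTIA minimum elements referenced under EO 14028; the function name and sample data are constructed.

```python
import json

def check_cyclonedx(raw):
    """Return a list of findings; an empty list means every check passed."""
    try:
        doc = json.loads(raw)  # vendor input is untrusted: parse, never eval
    except json.JSONDecodeError as exc:
        return [f"format: not valid JSON ({exc.msg})"]
    if not isinstance(doc, dict) or doc.get("bomFormat") != "CycloneDX":
        return ["format: bomFormat is not 'CycloneDX'"]
    findings = []
    meta = doc.get("metadata")
    meta = meta if isinstance(meta, dict) else {}
    if not meta.get("timestamp"):
        findings.append("metadata: missing timestamp")
    if not (meta.get("authors") or meta.get("tools")):
        findings.append("metadata: missing SBOM author (authors or tools)")
    components = doc.get("components")
    if not isinstance(components, list) or not components:
        findings.append("components: none listed")
        components = []
    for i, comp in enumerate(components):
        if not isinstance(comp, dict):
            findings.append(f"components[{i}]: not an object")
            continue
        label = comp.get("name") or f"components[{i}]"
        supplier = comp.get("supplier")
        if not comp.get("name"):
            findings.append(f"{label}: missing name")
        if not comp.get("version"):
            findings.append(f"{label}: missing version")
        if not (isinstance(supplier, dict) and supplier.get("name")):
            findings.append(f"{label}: missing supplier name")
        if not (comp.get("purl") or comp.get("cpe") or comp.get("swid")):
            findings.append(f"{label}: missing unique identifier (purl, cpe or swid)")
    if not doc.get("dependencies"):
        findings.append("dependencies: no dependency relationships")
    return findings

# Constructed sample submission: the second component lacks supplier and identifier.
SAMPLE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"timestamp": "2024-01-01T00:00:00Z", "tools": [{"name": "example-generator"}]},
    "components": [
        {"name": "libalpha", "version": "1.2.3", "supplier": {"name": "Alpha Corp"},
         "purl": "pkg:generic/libalpha@1.2.3"},
        {"name": "libbeta", "version": "0.9"}],
    "dependencies": [{"ref": "pkg:generic/libalpha@1.2.3", "dependsOn": []}]})

if __name__ == "__main__":
    print("\n".join(check_cyclonedx(SAMPLE)) or "all checks passed")
```

The findings list is the kind of detail a revision request can quote back to the vendor when a submission is rejected.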
Rejection Workflow
If an SBOM doesn't meet requirements:
- Review validation failures
- Click Request Revision
- Specify needed corrections
- Vendor receives update request