Lineaje Learning Center

EO 14028 checks

Minimum elements for an SBOM


Last updated 8 months ago

Minimum fields

EO 14028 checks correspond to the minimum elements in an SBOM as described by the NTIA minimum elements report (https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf).

The table below lists the minimum elements. Some of these fields apply at the SBOM level; the others apply to each component in the SBOM.

| Data Field | Description |
| --- | --- |
| SBOM Timestamp | Record of the date and time of the SBOM data creation |
| SBOM Author | The name of the entity that creates the SBOM data for this component |
| SBOM dependencies | Characterizing the relationship that a component X is included in software Y |
| Component Name | Designation assigned to a unit of software defined by the original supplier |
| Component Version | Version assigned to a unit of software defined by the original supplier |
| Component Supplier Name | The name of an entity that creates, defines, and identifies components |
| Component Unique Identifiers | Identifiers that are used to identify a component (such as PURL, BomRefId, etc.) |

Mapping of minimum fields

The table below maps the NTIA minimum SBOM fields to SPDX and CycloneDX.

| Data Field | SPDX | CycloneDX |
| --- | --- | --- |
| SBOM Timestamp | (2.9) Created: | metadata/timestamp |
| SBOM Author | (2.8) Creator: | metadata/authors/author |
| SBOM dependencies | (7.1) Relationship: DESCRIBES; CONTAINS | Inherent in nested assembly/subassembly and/or dependency graphs |
| Component Name | (3.1) PackageName: | name |
| Component Version | (3.3) PackageVersion: | version |
| Component Supplier Name | (3.5) PackageSupplier: | Supplier; publisher |
| Component Unique Ids | (2.5) SPDX Document Namespace; (3.2) SPDXID: | bom/serialNumber; component/bom-ref |

https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf
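
As an added example (not Lineaje's implementation and not code from this page), the following Python check applies the CycloneDX column of the mapping above to a CycloneDX JSON document and reports which minimum elements are absent. It assumes the JSON key forms of the listed paths (`metadata.authors[].name`, `supplier.name`, `publisher`, `dependencies`); the function names and the sample SBOM are constructed for illustration.

```python
import json

# Constructed sample CycloneDX JSON document (not real product data).
SAMPLE = json.loads("""
{
  "bomFormat": "CycloneDX",
  "serialNumber": "urn:uuid:00000000-0000-4000-8000-000000000001",
  "metadata": {"timestamp": "2024-01-01T00:00:00Z", "authors": [{"name": "Example Author"}]},
  "components": [
    {"bom-ref": "pkg:npm/left-pad@1.3.0", "name": "left-pad", "version": "1.3.0",
     "supplier": {"name": "Example Supplier"}},
    {"bom-ref": "pkg:npm/demo@0.1.0", "name": "demo", "publisher": "Example Publisher"}
  ],
  "dependencies": [{"ref": "pkg:npm/demo@0.1.0", "dependsOn": ["pkg:npm/left-pad@1.3.0"]}]
}
""")

def walk(components):
    """Yield every component, including nested sub-assemblies."""
    for c in components or []:
        yield c
        yield from walk(c.get("components"))

def missing_minimum_fields(bom):
    """Return (scope, field) pairs for each absent minimum element."""
    missing = []
    meta = bom.get("metadata") or {}
    if not meta.get("timestamp"):
        missing.append(("sbom", "SBOM Timestamp"))
    if not any(a.get("name") for a in (meta.get("authors") or [])):
        missing.append(("sbom", "SBOM Author"))
    comps = list(walk(bom.get("components")))
    nested = any(c.get("components") for c in comps)
    if not (bom.get("dependencies") or nested):  # dependency graph or nested assembly
        missing.append(("sbom", "SBOM dependencies"))
    if not bom.get("serialNumber"):
        missing.append(("sbom", "Component Unique Identifiers"))
    for i, c in enumerate(comps):
        scope = c.get("name") or f"component[{i}]"
        supplier = (c.get("supplier") or {}).get("name") or c.get("publisher")
        checks = {"Component Name": c.get("name"), "Component Version": c.get("version"),
                  "Component Supplier Name": supplier,
                  "Component Unique Identifiers": c.get("bom-ref")}
        missing += [(scope, field) for field, value in checks.items() if not value]
    return missing

if __name__ == "__main__":
    for scope, field in missing_minimum_fields(SAMPLE):
        print(f"{scope}: missing {field}")
```

In the sample, the `demo` component is accepted for supplier through its `publisher` value but is reported for its missing version.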