Overview
SBOM stands for Software Bill of Materials. The SBOM-based discovery mode in twigs lets you ingest the assets specified in an SBOM artifact into ThreatWorx. The currently supported SBOM standards and formats are as follows:
CycloneDX – JSON
SPDX, SPDX Lite – tagvalue
ThreatWorx (proprietary) – JSON, CSV
Pre-requisites
You need to have an SBOM artifact.
Steps
The steps to discover assets from an SBOM artifact are as follows:
Open a new shell / terminal.
Check that twigs is installed and running properly by running the command below:
twigs sbom -h
You can run the command as shown below:
twigs sbom [-h] --input INPUT [--standard {cyclonedx,spdx,threatworx}] [--format {json,tagvalue,csv}] [--assetid ASSETID] [--assetname ASSETNAME]
where INPUT is the path to the SBOM document
After discovery is complete, you can log in to the ThreatWorx Console to view the newly discovered assets.
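The following is an added example, not part of twigs or its documentation: a Python pre-flight helper that inspects an SBOM file and builds the twigs sbom command with the --standard and --format pair that matches the supported list in the Overview. It assumes CycloneDX JSON is identified by its bomFormat field and SPDX tag-value by its SPDXVersion line; the function names and sample documents are constructed for illustration, and the ThreatWorx proprietary format is not auto-detected.

```python
import json
import shlex
import tempfile
from pathlib import Path

# Standard -> formats, copied from the supported list in the Overview.
SUPPORTED = {"cyclonedx": {"json"}, "spdx": {"tagvalue"}, "threatworx": {"json", "csv"}}

# Constructed sample documents (illustrative, not real SBOMs).
SAMPLE_CYCLONEDX = '{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": []}'
SAMPLE_SPDX_TV = "SPDXVersion: SPDX-2.2\nDataLicense: CC0-1.0\nSPDXID: SPDXRef-DOCUMENT\n"

def detect_sbom(path):
    """Return (standard, format) for the file, or raise ValueError (hypothetical helper)."""
    text = Path(path).read_text(encoding="utf-8-sig")  # tolerate a UTF-8 BOM
    if text.lstrip().startswith("{"):
        doc = json.loads(text)  # malformed JSON raises ValueError
        if doc.get("bomFormat") == "CycloneDX":  # assumption: CycloneDX marker field
            return "cyclonedx", "json"
        if "spdxVersion" in doc:
            raise ValueError("SPDX JSON is not in the supported list; use tagvalue")
        raise ValueError("unrecognised JSON; for a ThreatWorx SBOM pass the flags by hand")
    # Assumption: SPDX tag-value documents carry an 'SPDXVersion:' line.
    if any(line.strip().startswith("SPDXVersion:") for line in text.splitlines()):
        return "spdx", "tagvalue"
    raise ValueError("could not identify SBOM standard; pass --standard/--format by hand")

def twigs_command(path, assetid=None, assetname=None):
    """Build the 'twigs sbom' command line using only flags shown in the usage string."""
    standard, fmt = detect_sbom(path)
    if fmt not in SUPPORTED[standard]:
        raise ValueError(f"{standard}/{fmt} is not a supported combination")
    cmd = ["twigs", "sbom", "--input", str(path), "--standard", standard, "--format", fmt]
    if assetid:
        cmd += ["--assetid", assetid]
    if assetname:
        cmd += ["--assetname", assetname]
    return shlex.join(cmd)  # quotes paths and names that contain spaces

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("bom.json", SAMPLE_CYCLONEDX), ("bom.spdx", SAMPLE_SPDX_TV)):
            sbom = Path(tmp) / name
            sbom.write_text(body, encoding="utf-8")
            print(twigs_command(sbom, assetname="build server"))
```

Rejecting an unrecognised file before the upload avoids ingesting an SBOM under the wrong standard.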