This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Import JSON into FNMS

Jump to solution
GerdaZ
By
Level 3

Hy everybody.
Is there a chance to import SBOM spdx.json or cyclonedx.json into FNMS-Suite. The goal is to figure out if commercial JAVA-Editions are in use. 
Do i need IT-Visability (Dataplattform) to do so?

Cat

‎Mar 09, 2023 05:19 AM

0 Kudos
(1) Solution

Jump to solution
alexrybak
By Revenera
Revenera

Hi @GerdaZ, you are correct... SBOM Management has recently been introduced as a new capability in Flexera One. This is the beginning of the journey to provide management of SBOMs for discovered COTS application. The current integration allows Flexera One ITAM/ITV customers who also have an entitlement for Revenera SBOM Insights to manually import and associate SBOMs for discovered COTS applications.

While there no “integration” with FNMS on-premises, if an FNMS customer also has an SBOM Insights entitlement, they can use the two solutions together. The catch is that SBOM Insights in a SaaS solution while FNMS is on-prem. The REST API in SBOM Insights can be used to perform any SBOM functions (import, view, edit, etc.).

Please let us know if you have a specific use case in mind and we can discuss further details.

View solution in original post

‎Mar 13, 2023 09:16 AM

(3) Replies

Jump to solution
alexrybak
By Revenera
Revenera

Thanks for the question@GerdaZ.

In September 2022, Revenera released a new SaaS product called SBOM Insights for SBOM Management. It supports ingestion of SBOMs in SPDX, CycloneDX, and Code Insight's JSON export formats to unify internal SBOMs for the code under your control and external SBOMs from upstream partners, developers, and software suppliers/vendors.

If you have discovered COTS applications using FNMS, you can create/import a corresponding SBOM into SBOM Insights and cross reference the discovered application to the SBOM. If your software vendor has provided SBOMs for the application which you have purchased from them, they can also be imported into SBOM Insights.

Once you import an SBOM into SBOM Insights, you can use the advanced search functionality to find SBOM parts of interest by part name, part age, associated license(s), associated security vulnerabilities, vulnerability ago, or package URLs (PURLs). You can also generate unified SBOM reports in SPDX, CycloneDX, and human readable (HTML/Excel) formats along with the associated security reports (VDR/VEX).

‎Mar 10, 2023 03:32 PM - edited ‎Mar 10, 2023 03:33 PM

Jump to solution
GerdaZ
By
Level 3
In response to alexrybak

Hi, SBOM Insight is part of Flexera ONE and has to be licensed additionally. 
We are on Flexera On Premise. Does ist rund with FNMS on premise?

Cat

‎Mar 13, 2023 02:00 AM

0 Kudos

Jump to solution
alexrybak
By Revenera
Revenera

Hi @GerdaZ, you are correct... SBOM Management has recently been introduced as a new capability in Flexera One. This is the beginning of the journey to provide management of SBOMs for discovered COTS application. The current integration allows Flexera One ITAM/ITV customers who also have an entitlement for Revenera SBOM Insights to manually import and associate SBOMs for discovered COTS applications.

While there no “integration” with FNMS on-premises, if an FNMS customer also has an SBOM Insights entitlement, they can use the two solutions together. The catch is that SBOM Insights in a SaaS solution while FNMS is on-prem. The REST API in SBOM Insights can be used to perform any SBOM functions (import, view, edit, etc.).

Please let us know if you have a specific use case in mind and we can discuss further details.

‎Mar 13, 2023 09:16 AM