
Import JSON into FNMS

Hi everybody.
Is there a chance to import SBOM spdx.json or cyclonedx.json into FNMS-Suite? The goal is to figure out if commercial JAVA-Editions are in use.
Do I need IT-Visibility (Data Platform) to do so?

Cat
(1) Solution

Hi @GerdaZ, you are correct... SBOM Management has recently been introduced as a new capability in Flexera One. This is the beginning of the journey to provide management of SBOMs for discovered COTS applications. The current integration allows Flexera One ITAM/ITV customers who also have an entitlement for Revenera SBOM Insights to manually import and associate SBOMs for discovered COTS applications.

While there is no “integration” with FNMS on-premises, if an FNMS customer also has an SBOM Insights entitlement, they can use the two solutions together. The catch is that SBOM Insights is a SaaS solution while FNMS is on-prem. The REST API in SBOM Insights can be used to perform any SBOM functions (import, view, edit, etc.).

Please let us know if you have a specific use case in mind and we can discuss further details.


(3) Replies

Thanks for the question, @GerdaZ.

In September 2022, Revenera released a new SaaS product called SBOM Insights for SBOM Management. It supports ingestion of SBOMs in SPDX, CycloneDX, and Code Insight's JSON export formats to unify internal SBOMs for the code under your control and external SBOMs from upstream partners, developers, and software suppliers/vendors.

If you have discovered COTS applications using FNMS, you can create/import a corresponding SBOM into SBOM Insights and cross reference the discovered application to the SBOM. If your software vendor has provided SBOMs for the application which you have purchased from them, they can also be imported into SBOM Insights.

Once you import an SBOM into SBOM Insights, you can use the advanced search functionality to find SBOM parts of interest by part name, part age, associated license(s), associated security vulnerabilities, vulnerability age, or package URLs (PURLs). You can also generate unified SBOM reports in SPDX, CycloneDX, and human-readable (HTML/Excel) formats along with the associated security reports (VDR/VEX).
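
Added example, not part of the original thread and not Flexera or Revenera code: a local Python triage that reads an SPDX 2.x or CycloneDX JSON SBOM and lists Java runtime parts with their supplier, licenses and PURL, the same fields the search described above works on. The name pattern, the supplier watchlist and the sample SBOMs are assumptions constructed for illustration; the `review` flag only marks entries for a person to check against the actual licence terms.

```python
import json
import re

# Assumptions: name pattern for Java runtimes and a supplier watchlist; tune both.
JAVA_RUNTIME = re.compile(r"\b(jdk|jre|java\s*se|openjdk)\b", re.I)
SUPPLIER_WATCHLIST = ("oracle",)

def _cyclonedx_parts(components):
    """Yield normalized parts from CycloneDX components, nested ones included."""
    for c in components or []:
        lic = [e.get("expression") or (e.get("license") or {}).get("id")
               or (e.get("license") or {}).get("name") for e in c.get("licenses", [])]
        yield {"name": c.get("name", ""), "version": c.get("version", ""),
               "supplier": (c.get("supplier") or {}).get("name") or c.get("publisher", ""),
               "purl": c.get("purl", ""), "licenses": [x for x in lic if x]}
        yield from _cyclonedx_parts(c.get("components"))

def _spdx_parts(packages):
    """Yield normalized parts from SPDX 2.x JSON packages."""
    for p in packages or []:
        purl = next((r.get("referenceLocator", "") for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), "")
        lic = {p.get("licenseConcluded"), p.get("licenseDeclared")} - {None, "NOASSERTION"}
        yield {"name": p.get("name", ""), "version": p.get("versionInfo", ""),
               "supplier": re.sub(r"^(Organization|Person):\s*", "", p.get("supplier") or ""),
               "purl": purl, "licenses": sorted(lic)}

def java_runtimes(sbom_text):
    """Return Java runtime parts from an SPDX or CycloneDX JSON document."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") == "CycloneDX":
        parts = _cyclonedx_parts(doc.get("components"))
    elif "spdxVersion" in doc:
        parts = _spdx_parts(doc.get("packages"))
    else:
        raise ValueError("not an SPDX or CycloneDX JSON document")
    hits = [p for p in parts if JAVA_RUNTIME.search(p["name"] + " " + p["purl"])]
    for p in hits:  # mark parts whose supplier is on the watchlist for licence review
        p["review"] = any(s in p["supplier"].lower() for s in SUPPLIER_WATCHLIST)
    return hits

# Constructed sample SBOMs (not real inventory data).
CDX = '''{"bomFormat":"CycloneDX","specVersion":"1.5","components":[
 {"type":"application","name":"ExampleApp","version":"2.1","components":[
  {"type":"library","name":"Java SE Development Kit","version":"17.0.9",
   "supplier":{"name":"Oracle Corporation"}},
  {"type":"library","name":"jackson-databind","version":"2.15.2"}]}]}'''
SPDX = '''{"spdxVersion":"SPDX-2.3","packages":[{"name":"openjdk","versionInfo":"17.0.9",
 "supplier":"Organization: Eclipse Adoptium","licenseDeclared":"GPL-2.0-only WITH Classpath-exception-2.0",
 "externalRefs":[{"referenceType":"purl","referenceLocator":"pkg:generic/openjdk@17.0.9"}]}]}'''
```

Calling `java_runtimes(CDX)` or `java_runtimes(SPDX)` returns one dictionary per Java runtime part; for real files, pass the file's text instead of the sample strings.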

Hi, SBOM Insights is part of Flexera ONE and has to be licensed additionally.
We are on Flexera On Premise. Does it run with FNMS on premise?

Cat
