Hi everybody.
Is there a chance to import SBOM spdx.json or cyclonedx.json into FNMS-Suite? The goal is to figure out if commercial Java editions are in use.
Do I need IT Visibility (Data Platform) to do so?
Mar 09, 2023 05:19 AM
Hi @GerdaZ, you are correct... SBOM Management has recently been introduced as a new capability in Flexera One. This is the beginning of the journey to provide management of SBOMs for discovered COTS applications. The current integration allows Flexera One ITAM/ITV customers who also have an entitlement for Revenera SBOM Insights to manually import and associate SBOMs for discovered COTS applications.
While there is no “integration” with FNMS on-premises, if an FNMS customer also has an SBOM Insights entitlement, they can use the two solutions together. The catch is that SBOM Insights is a SaaS solution while FNMS is on-prem. The REST API in SBOM Insights can be used to perform any SBOM functions (import, view, edit, etc.).
Please let us know if you have a specific use case in mind and we can discuss further details.
Mar 13, 2023 09:16 AM
Thanks for the question, @GerdaZ.
In September 2022, Revenera released a new SaaS product called SBOM Insights for SBOM Management. It supports ingestion of SBOMs in SPDX, CycloneDX, and Code Insight's JSON export formats to unify internal SBOMs for the code under your control and external SBOMs from upstream partners, developers, and software suppliers/vendors.
If you have discovered COTS applications using FNMS, you can create/import a corresponding SBOM into SBOM Insights and cross reference the discovered application to the SBOM. If your software vendor has provided SBOMs for the application which you have purchased from them, they can also be imported into SBOM Insights.
Once you import an SBOM into SBOM Insights, you can use the advanced search functionality to find SBOM parts of interest by part name, part age, associated license(s), associated security vulnerabilities, vulnerability age, or package URLs (PURLs). You can also generate unified SBOM reports in SPDX, CycloneDX, and human-readable (HTML/Excel) formats along with the associated security reports (VDR/VEX).
Mar 10, 2023 03:32 PM - edited Mar 10, 2023 03:33 PM
Hi, SBOM Insights is part of Flexera ONE and has to be licensed additionally.
We are on Flexera On Premise. Does it run with FNMS on premise?
Mar 13, 2023 02:00 AM