Downloading SBOMs

Downloading Individual SBOMs

1. Go to Assets in the left menu and select the asset you want to download.
2. On the individual asset page, click Download in the top right corner.
3. Choose from:
   • Download Original SBOM for original format
   • Download Edited SBOM if changes were made, including any manual edits and automated enrichment, if enabled.
4. Your download will start immediately.

You can also download SBOMs directly on the Assets or Uploads pages by clicking the ⠇button to the right of the row with your asset and selecting Download. This will download the most recent version of the SBOM.

Downloading SBOMs for a Product

When downloading an SBOM for an entire Product, Manifest will merge all SBOMs into a single file. If a product contains SBOMs with multiple formats (i.e. both SPDX and CycloneDX), you will need to

1. Go to Products in the left menu and select the product you want to download.
2. On the individual product page, click Download in the top right corner.
3. Choose from:
   1. Download SBOM
   2. Download As: This allows you to specify whether you download the SBOM as an SPDX or a CycloneDX file. Please note that selecting a different format may lead to some data loss.
4. Depending on the size of your product, the SBOM may take a while to generate. You will receive an email with a link to download the file as soon as it is ready.

Using the Manifest CLI

1. Install the CLI from github.com/manifest-cyber/cli
2. Generate an SBOM using:
   Bash

   manifest sbom [options] [path]

3. Specify options for:
   • Output format (CycloneDX, SPDX)
   • Generator (Syft, Trivy, CDXGen)
   • Save locally with --output
   • Upload directly with --publish

The platform supports all major SBOM formats and allows both original and edited versions to be downloaded. For automated workflows, consider using our APIs for programmatic access.