| title | intro | versions | permissions | type | topics | shortTitle | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Exporting a software bill of materials for your repository |
You can export a software bill of materials or SBOM for your repository from the dependency graph. SBOMs allow transparency into your open source usage and help expose supply chain vulnerabilities, reducing supply chain risks. |
|
Anyone can export the dependency graph of a repository as a software bill of materials. The SBOM export will contain a list of the dependencies that are used in the repository. |
how_to |
|
Export dependencies as SBOM |
{% data reusables.dependabot.about-the-dependency-graph %}
You can export the current state of the dependency graph for your repository as a Software Bill of Materials (SBOM) using the industry standard SPDX format:
- Via the {% data variables.product.prodname_dotcom %} UI
- Using the REST API
{% data reusables.dependency-graph.sbom-intro %}
If your company provides software to the US federal government per Executive Order 14028, you will need to provide an SBOM for your product. You can also use SBOMs as part of your audit process and use them to comply with regulatory and legal requirements.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.accessing-repository-graphs %}
- In the left sidebar, click Dependency graph.
- On the top right side of the Dependencies tab, click Export SBOM to generate an SBOM file for download from your browser.
If you want to use the REST API to export an SBOM for your repository, see "AUTOTITLE."