The RKVST* SBOM hub is a place to publish your SCA SBOMs. It provides provenance information, governance capabilities, and an immutable record of the composition of your software. SOOS integrates with the RKVST SBOM hub so that you can export the SBOMs you generate in SOOS.

*(pronounced like "archivist")

To use this feature of SOOS, you must first create an RKVST account. 

RKVST Signup

 Visit https://sbom.rkvst.io to sign up.  (The sign-up is free!)  Refer to their Getting Started with RKVST SBOM Hub article for guidance. 

Complete the App Registration steps to manage API access to RKVST.  Make sure to copy and securely store the Client ID and Secret at this point: the Secret is NOT recoverable after you navigate away from the page!

Integrating with RKVST SBOM Hub

Once you have completed the RKVST setup and have obtained the Client ID and Secret, return to the SOOS app.

Navigate to Integrate > External Connections > RKVST and save the credentials in the corresponding fields.  

 

Publishing a SOOS SBOM to RKVST

Browse to the desired project with a completed SCA scan and follow the instructions for Generating an SBOM.

  • SBOMs exported to RKVST must use the Text or JSON file type for SPDX format, or the XML or JSON file type for CycloneDX format.

In the Destination section, select RKVST. Click Export when finished.

Once exported, find the SBOM files in the RKVST SBOM Hub under SBOMs and Products.