# Software Bill of Materials (SBOM)

## Comprehensive SBOM with full coverage

Arnica's SBOM page provides a comprehensive list of all packages used within your source code. The SBOM inventory page is filterable, searchable, and exportable in enriched Cyclone DX format. The SBOM page consists of inventory views for all repositories integrated with Arnica, updated weekly on free plans, and daily for all tiers Team and above.

Arnica's SBOM shows top level package and CVE counts for each repo within your organization. Expanding a repository will provide file and package level detail for each package included. This detail includes enriched context such as the packages licensing type, OpenSSF scorecard rating, number of stars, and reputation trend. \\

<figure><img src="/files/WCY1rDv4IDq2kNwdruWm" alt=""><figcaption></figcaption></figure>

## Filtering results within the SBOM page

Arnica's SBOM page is fully filterable and searchable. To filter down to a specific resource select the "Asset" column header. Here you can filter by SCM, Org, Project, Repo, and Branch.\\

<figure><img src="/files/UA7xF3XbclFrK9F30bY9" alt=""><figcaption></figcaption></figure>

## Searching within the SBOM report

You can easily search for assets, packages, or licenses in use by using the search bar. The findings displayed in the table will be limited to only those that include the search string. For example, when searching for "LGPL", the table will display only packages that leverage the LGPL license type. When expanding the dependency lists of repositories that use both LGPL and other licenses, the drop down list will display only those that match the search criteria.

{% hint style="info" %}
Filters on the SBOM page are applied independently from the search input and will result in a combined result output.
{% endhint %}

## Export formats

Arnica's SBOM report is exportable in JSON and CSV formats. JSON exports conform to CycloneDX and include enriched vulnerability and package context displayed in the UI.

To export SBOM artifacts, select the repositories you want to include and click **Download SBOMs For Selected** in the upper-right corner.

<figure><img src="/files/zgEq3dojgnTwWWUzFZbN" alt=""><figcaption></figcaption></figure>

## License report exports

License-focused reporting supports additional export formats, including PDF and HTML views in addition to CSV where available.

## API availability

Arnica's API supports reading findings and risk data, but full SBOM export artifacts are currently generated from the UI export workflow.

## Troubleshooting

### SBOM data appears stale

If package inventory is not refreshing:

1. Confirm recent pushes reached the monitored branch.
2. Wait for the next scheduled processing cycle.
3. Verify integration health (for example, integration token validity and repository access).

### Dependency files in subfolders are not reflected

Arnica scans manifests recursively. If expected package files are missing from SBOM:

* Confirm manifests and lock files are committed.
* Confirm paths are not excluded by repository or policy configuration.
* Re-check after the next processing cycle following a push.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.arnica.io/arnica-documentation/inventory/software-bill-of-materials-sbom.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.