Activate SBOM support

  • Release version: Australia
  • Updated May 12, 2026

  Install the required applications and verify prerequisites to enable SBOM collection in Third-party Risk Management (TPRM).

    Before you begin

    • Verify that the Smart Assessment Engine is enabled. SBOM collection is not supported for Classic assessments.
    • Check your entitlements to determine whether you have access to this application and all associated ServiceNow Store applications. For more information, see Get entitlement for a ServiceNow product or application.

    Role required: admin

    About this task

    An SBOM (Software Bill of Materials) is a structured inventory of the software components in a product. In TPRM, SBOM collection is performed through engagement-level external assessments using the Smart Assessment Engine. Installing the core SBOM applications makes the required data structures and processing capabilities available in your instance. Installing the optional vulnerability response applications adds vulnerability context for individual SBOM components.

    Procedure

    1. Navigate to All > System Applications > All Available Applications > All.
    2. Install the required SBOM applications.

      Find each application using the filter criteria and search bar, then select Install for each one.

      Table 1. Required SBOM applications
      Application            ID
      SBOM Core              sn_sbom_core
      Data Model for SBOM    sn_sbom_dm
      Core SBOM data structures and processing capabilities are available in the instance.
    3. Optional: Install the vulnerability response applications if you require vulnerability insights for SBOM components.

      Find each application using the filter criteria and search bar, then select Install for each one.

      Table 2. Optional SBOM vulnerability response applications
      Application               ID
      SBOM Response             sn_sbom_resp
      Vulnerability Response    sn_vul
      Note: These applications enable vulnerability context for SBOM components but are not required to collect SBOM files.
    4. Verify that SBOM fields and related lists are available on an engagement record.
      1. Navigate to the Vendor Management Workspace using one of the following methods:
        • Select Workspaces > Vendor Management Workspace.
        • Navigate to All > Third-party Risk Management > Vendor Management Workspace.
      2. Open an engagement record.
      3. Confirm that the SBOM required field is visible on the engagement record, and that the SBOM document related list appears on the engagement.
      The instance is ready to collect SBOM information through engagement-level external assessments.

    What to do next

    After installing SBOM support, you can request an SBOM from a third party through an engagement-level external assessment. For next steps, see Request a software bill of materials from an engagement.