Best Practices
This guide provides recommendations for using the SBOM Creation Wizard effectively.
Project Organization
Consistent Naming
- Use semantic versioning for version names
- Maintain consistent product and project names
- Include date or build numbers for clarity
Appropriate Scanning
- Use full OSS scanning for production SBOMs
- Use packages-only for quick initial analysis
- Re-scan with full OSS when needed
File Filters
Performance Optimization
- Exclude build directories (target/, build/, dist/)
- Exclude dependency folders (node_modules/, vendor/)
- Exclude test files if not needed
- Exclude version control folders (.git/, .svn/)
Accuracy
- Include all source code directories
- Include third-party libraries not in package manifests
- Include configuration files with dependencies
Package Scanners
Enable All Relevant Package Managers
- Projects using multiple package managers need multiple scanners added
- Projects with multiple modules may need the same package manager added multiple times with different paths
- Ensures complete dependency detection
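The File Filters and Package Scanners advice above pulls in two directions: excluding dependency folders speeds up the scan, but third-party code that lives only in a vendored directory, with no manifest, then never reaches the SBOM. The following script is an added example, not part of the wizard or of CAST's own tooling. It walks a constructed sample repository, applies an exclusion list written as plain directory names (an assumed syntax; the wizard's own filter syntax is not described on this page), and reports two things: the manifest locations per package manager, which is the list of scanner paths you would register when a project has several modules, and the excluded directories that hold a manifest or source files without one, which are the places where the Accuracy rules may override the Performance rules. The manifest-to-package-manager table and the source file extensions are assumptions chosen for the example.

```python
import os
import tempfile
from pathlib import Path

# Exclusion list modelled on the guide's Performance recommendations.
# Assumed syntax for this example: bare directory names matched anywhere in a path.
DEFAULT_EXCLUDES = {"target", "build", "dist", "node_modules", "vendor", ".git", ".svn"}

# Manifest file name -> package manager it indicates (assumed table, common names only).
MANIFESTS = {
    "package.json": "npm",
    "pom.xml": "maven",
    "requirements.txt": "pip",
    "go.mod": "go",
    "Cargo.toml": "cargo",
}

# File extensions treated as source code when looking for vendored libraries (assumed).
SOURCE_EXTS = {".c", ".h", ".cpp", ".java", ".py", ".go", ".rs", ".js", ".ts"}


def survey(root, excludes=DEFAULT_EXCLUDES):
    """Return (scanner_paths, warnings) for the tree under root.

    scanner_paths: package manager -> sorted list of directories holding a manifest,
    i.e. one scanner entry per module when the same manager appears several times.
    warnings: excluded directories that still contain a manifest, or source files
    without any manifest (possible vendored third-party code the SBOM would miss).
    """
    root = Path(root)
    scanner_paths = {}
    warnings = []
    excluded_dirs = {}  # top-most excluded directory -> [source_file_count, has_manifest]

    for dirpath, _dirnames, filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        # Index of the first path component that matches the exclusion list, if any.
        hit = next((i for i, part in enumerate(rel.parts) if part in excludes), None)

        if hit is not None:
            key = Path(*rel.parts[: hit + 1]).as_posix()
            stats = excluded_dirs.setdefault(key, [0, False])
            for name in filenames:
                if name in MANIFESTS:
                    stats[1] = True
                    warnings.append(
                        f"{(rel / name).as_posix()}: manifest inside excluded directory "
                        f"'{key}'; its components will not be scanned"
                    )
                elif Path(name).suffix in SOURCE_EXTS:
                    stats[0] += 1
            continue

        for name in filenames:
            manager = MANIFESTS.get(name)
            if manager is not None:
                scanner_paths.setdefault(manager, set()).add(rel.as_posix())

    for key, (source_count, has_manifest) in sorted(excluded_dirs.items()):
        if source_count and not has_manifest:
            warnings.append(
                f"{key}: {source_count} source file(s) but no manifest; if this is "
                f"vendored third-party code, include it so it reaches the SBOM"
            )

    return {m: sorted(paths) for m, paths in sorted(scanner_paths.items())}, warnings


def build_sample_tree(base):
    """Create a constructed multi-module layout (not a real project) under base."""
    files = [
        "pom.xml",                                  # root Maven module
        "services/api/pom.xml",                     # second Maven module, own path
        "services/api/src/Main.java",
        "web/package.json",                         # npm module
        "web/node_modules/left-pad/package.json",   # dependency folder, normally excluded
        "web/build/bundle.js.map",                  # build output, safe to exclude
        "native/vendor/zlib/inflate.c",             # vendored C library with no manifest
        ".git/HEAD",
    ]
    for f in files:
        path = Path(base) / f
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("")
    return base


def demo(excludes=DEFAULT_EXCLUDES):
    """Build the sample tree in a temporary directory and survey it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return survey(tmp, excludes)


if __name__ == "__main__":
    scanners, notes = demo()
    for manager, paths in scanners.items():
        print(f"{manager}: add one scanner per path -> {paths}")
    for note in notes:
        print("WARNING:", note)
```

With the default exclusions the sample tree yields two Maven scanner paths (the root and services/api) and one npm path, plus two warnings: the manifest under web/node_modules that the exclusion hides, and native/vendor, which holds C sources without any manifest and is exactly the kind of third-party code the Accuracy rules say to keep. Running `demo(set())` shows the other trade-off: nothing is excluded, the warnings disappear, and the node_modules manifest is picked up as a scanner path, which is usually noise for a production SBOM.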
Scanning Strategy
Full Scanning with Knowledge Base
- Enable CAST OSS Knowledge Base with Full scan mode for production SBOMs
- Provides complete component inventory
- Enables license and vulnerability management
- Worth the additional processing time
Having Issues?
If you encounter problems while using the wizard, see the Troubleshooting Guide for common issues and solutions.