Software Bill of Materials (SBOM)
Preview Feature — Available in VIPM 2026 Q3 Preview
The SBOM and sync commands are available in the VIPM 2026 Q3 Preview. Download it to try these features and share your feedback.
A Software Bill of Materials (SBOM) is a machine-readable inventory of every software component in your product — including package names, versions, suppliers, licenses, and cryptographic hashes. SBOMs give you and your customers visibility into exactly what ships in your software.
Why SBOMs matter
Regulations such as the EU Cyber Resilience Act (CRA) and US Executive Order 14028 are making SBOMs a requirement for software products in regulated markets. Beyond compliance, SBOMs support practical goals like license auditing, vulnerability tracking, and supply chain transparency.
What VIPM generates
The VIPM CLI generates CycloneDX 1.5 SBOMs in JSON format. A single command scans your LabVIEW project and produces an SBOM that includes:
- VIPM packages — packages installed via VI Package Manager
- NI packages (NIPM) — packages installed via NI Package Manager
- Enriched metadata — descriptions, vendors, and license identifiers
- Cryptographic hashes — checksums for each component
- Product metadata — your application's name, version, and component type
Supported inputs
| Input type | Description | LabVIEW required? |
|---|---|---|
vipm.toml |
Project manifest with declared dependencies | No |
.lvproj |
LabVIEW project file — scans installed packages directly | Yes |
.dragon |
Dragon configuration file | No |
.vipc |
VIPM configuration file | No |
Choose the input that matches your workflow. If your project already uses vipm.toml, that's the simplest path — no LabVIEW installation is needed. For existing LabVIEW projects, point directly at your .lvproj file. See Workflows for guidance on each approach.
Prerequisites
- VIPM 2026 Q3 Preview or later — download here
- LabVIEW — required only when generating SBOMs from
.lvprojfiles - NI Package Manager — required only when including NI packages in the SBOM
Verify your CLI is available:
Next steps
- Getting Started — generate your first SBOM in a few minutes
- Workflows — choose the right approach for your project and environment
- Output Reference — understand the CycloneDX fields, data sources, and enrichment in your SBOM
- CLI Command Reference — full parameter reference for
vipm sbom
Need Help?
- Report issues on GitHub
- Join our community on Discord
- Check the Support page for additional resources