
# SBOM Doctor

SBOM Doctor runs a suite of quality checks against an SBOM's components and flags structural problems — malformed identifiers, version mismatches, missing licenses, and unresolvable PURLs — before they affect vulnerability correlation or compliance scoring.

***

## Overview

Doctor results appear on the **Doctor** tab of any uploaded SBOM's detail page, with filters, per-component findings, and project-scoped suppressions.

Results are cached for 30 minutes and recomputed when the SBOM changes. A **force-rescan** button bypasses the cache to recompute findings immediately. Authenticated users unlock a broader set of checks that require external registry lookups.

***

## Checks

Doctor runs checks across two domains:

* **Identifier checks** — validate CPE and PURL syntax, cross-consistency between identifiers, version alignment, and whether components are missing identifiers entirely.
* **License checks** — validate SPDX expression syntax and whether components have a license declared.

Authenticated users unlock an additional set of checks that perform external lookups — verifying CPEs against the NVD dictionary, resolving PURLs against package registries, and confirming license IDs are recognized SPDX identifiers.

***

## Dashboard UI

Doctor results appear on the **Doctor** tab of any SBOM's detail view.

### Viewing Results

1. Open a Product and navigate to a Version.
2. Click the **Doctor** tab on the SBOM detail page.
3. The table shows one row per finding, with columns for the affected component, version, check code, severity, domain, and a human-readable summary.

CPE and PURL identifiers in findings are click-to-copy — click an identifier to copy it to the clipboard.

### Refreshing Results

Doctor caches results for 30 minutes. To recompute findings without waiting for the cache to expire, use the **force-rescan** button (next to **Export CSV**). This bypasses the cache and re-runs the checks immediately, which is useful after correcting identifiers or re-uploading an SBOM.

### Filtering

Use the sub-header controls to narrow findings:

| Filter         | Options                               |
| -------------- | ------------------------------------- |
| **Search**     | Filter by component name              |
| **Domain**     | `identifier`, `license`               |
| **Severity**   | `critical`, `high`, `medium`, `low`   |
| **Check Code** | Filter to one or more specific checks |

Click a row to open the component drawer for full component detail and editing.

### Stats Badge

The Doctor tab label shows a badge with the count of `critical` and `high` findings for quick triage without opening the tab.

### Exporting Results

Use the **Export CSV** action in the Doctor tab's menu (next to **Refresh**) to download the findings table as a CSV file for offline review or sharing. The export dialog includes an **Apply search and filters** option (on by default) — leave it on to export only the currently filtered findings, or turn it off to export the full diagnostics table. Click **Download** to save the file.

## Suppressions

Suppress specific checks per project to avoid noise from checks that don't apply to your context — for example, suppressing `IDT-MISSING-001` for a project that intentionally ships internal-only components without PURLs.

### Configuring Suppressions

1. Navigate to the Product page.
2. Open **Settings** and select the **Doctor Checks** section.
3. Toggle any check off to suppress it for all SBOMs in this project.

Suppressed checks do not generate findings and are excluded from stats. Every toggle is on by default, so no check is suppressed until its toggle is turned off. Suppression changes are audit-logged.

### Permission

Suppression configuration requires the `edit_product_settings` permission within `view_product_group`.

***

## Common Findings and Fixes

| Finding        | What it means and how to fix it                                                           |
| -------------- | ----------------------------------------------------------------------------------------- |
| `IDT-CPE-001`  | CPE is not in valid CPE 2.3 format — regenerate from your SBOM tool or correct the string |
| `IDT-PURL-001` | PURL is malformed — regenerate from your build tool                                       |

For help interpreting other findings, contact <support@interlynk.io>.
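
A local pre-upload check for the two findings in the table above, as an added example (not Interlynk's code or its actual validation rules): it applies a simplified CPE 2.3 and PURL syntax test to a constructed component list and, assuming "version alignment" means the PURL version matches the component version, flags drift under the local label `version-mismatch`. The function names and sample data are hypothetical.

```python
import re

# Constructed sample components (CycloneDX-style fields; not from a real SBOM).
SAMPLE = [
    {"name": "openssl", "version": "3.0.13", "purl": "pkg:generic/openssl@3.0.13",
     "cpe": "cpe:2.3:a:openssl:openssl:3.0.13:*:*:*:*:*:*:*"},
    {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.20",
     "cpe": "cpe:/a:lodash:lodash:4.17.21"},   # CPE 2.2 URI form, stale PURL version
    {"name": "left-pad", "version": "1.3.0", "purl": "npm:left-pad@1.3.0"},  # no pkg:
]
PURL_TYPE = re.compile(r"^[A-Za-z][A-Za-z0-9.+-]*$")

def cpe23_fields(cpe):
    """Return the 11 attribute fields of a CPE 2.3 formatted string, else None."""
    parts = re.split(r"(?<!\\):", cpe)  # split on colons that are not escaped
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        return None
    if parts[2] not in ("a", "o", "h", "*", "-") or "" in parts[3:]:
        return None
    return parts[2:]

def purl_parts(purl):
    """Return (type, name, version) for a well-formed PURL, else None."""
    if not purl.startswith("pkg:"):
        return None
    body = purl[4:].lstrip("/").split("#", 1)[0].split("?", 1)[0]
    ptype, sep, path = body.partition("/")
    path, _, version = path.partition("@")
    name = path.strip("/").rsplit("/", 1)[-1]
    if not sep or not PURL_TYPE.match(ptype) or not name:
        return None
    return ptype.lower(), name, version or None

def local_precheck(components):
    """Return (component, label, identifier) tuples for identifiers that fail.
    "version-mismatch" is a local label, not an Interlynk check code."""
    findings = []
    for c in components:
        cpe, purl = c.get("cpe"), c.get("purl")
        if cpe and cpe23_fields(cpe) is None:
            findings.append((c["name"], "IDT-CPE-001", cpe))
        parsed = purl_parts(purl) if purl else None
        if purl and parsed is None:
            findings.append((c["name"], "IDT-PURL-001", purl))
        elif parsed and parsed[2] and parsed[2] != c.get("version"):
            findings.append((c["name"], "version-mismatch", purl))
    return findings

if __name__ == "__main__":
    print(*local_precheck(SAMPLE), sep="\n")
```

Passing this check only means the identifiers are well-formed; the registry and NVD dictionary lookups described under Checks are not reproduced here.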

