# Requests SBOM requests enable organizations to collect SBOMs from third-party vendors and suppliers. Interlynk provides a workflow for sending requests, receiving uploaded SBOMs, validating them, and integrating them into your Product inventory — all without requiring the vendor to have an Interlynk account. *** ## Overview The SBOM request workflow addresses a common challenge: obtaining SBOMs from vendors and suppliers who may not use SBOM management tooling. Interlynk sends an email to the vendor contact with a secure upload link, validates the uploaded SBOM, and makes it available for review and acceptance into your Products. Key capabilities: * **No vendor account required** — vendors receive an email with a secure upload link. * **Automatic link renewal** — upload links are valid for 24 hours but regenerate automatically if the vendor clicks an expired link. * **SBOM validation** — uploaded SBOMs are validated for format and completeness. * **Acceptance workflow** — review and accept vendor SBOMs into your Products and Environments. ## Architecture ``` SBOM Request Workflow 1. Requester creates request └── Email sent to vendor contact └── Secure upload link (valid 24 hours) 2. Vendor uploads SBOM └── Upload link → SBOM validation └── Status changes to "Uploaded" 3. Requester reviews and accepts └── Select target Product + Environment └── SBOM ingested into platform └── Standard processing pipeline applies ``` *** ## Sending SBOM Requests ### Via Dashboard 1. Navigate to the **Requests** page in the main navigation. 2. Click **+** (Request SBOM). 3. Enter the request details: | Field | Required | Description | | ---------------- | -------- | ---------------------------------------------------------- | | **Vendor Email** | Yes | Email address of the contact who will supply the SBOM | | **Product Name** | No | Name of the vendor product for which the SBOM is requested | | **Version** | No | Specific version of the vendor product | 4. Click **Save** to send the request. The vendor receives an email with a link to upload the SBOM. The vendor does not need an Interlynk account. {% hint style="info" %} The upload link is valid for 24 hours. If the vendor clicks the link after it expires, a new link is automatically generated and sent to the same email address. {% endhint %} *** ## Request Statuses | Status | Description | | ------------ | ----------------------------------------------------------------- | | **Pending** | Request has been sent; waiting for vendor to upload | | **Uploaded** | Vendor has uploaded an SBOM; awaiting review and acceptance | | **Accepted** | SBOM has been accepted and ingested into a Product | | **Expired** | Request link has expired without an upload (auto-renews on click) | *** ## Accepting Vendor SBOMs When a vendor uploads an SBOM, the request status changes to **Uploaded**. To accept and ingest the SBOM: 1. Navigate to the **Requests** page. 2. Locate the request with **Uploaded** status. 3. Click **Accept**. 4. Select the target **Product** and **Environment** to receive the SBOM. 5. Click **Accept** to complete. The SBOM is ingested into the selected Product and Environment and goes through the standard processing pipeline (SBOM Checks, Automation Rules, Vulnerability Scan, Policy Evaluation). {% hint style="warning" %} Review the vendor SBOM before accepting. Once accepted, the SBOM is processed and integrated into your Product data. Ensure the content matches your expectations for the requested product and version. {% endhint %} *** ## Managing Requests ### Viewing All Requests 1. Navigate to the **Requests** page. 2. The request list displays: | Column | Description | | ---------------- | ------------------------------------- | | **Vendor Email** | Email address the request was sent to | | **Product** | Requested product name (if specified) | | **Version** | Requested version (if specified) | | **Status** | Current request status | | **Date** | When the request was created | ### Tracking Outstanding Requests Filter the request list by **Pending** status to identify requests that have not yet been fulfilled. Follow up with vendors as needed. *** ## Permission Matrix | Permission | Admin | Operator | Viewer | | ------------- | :---: | :------: | :----: | | View requests | ✓ | ✓ | ✓ | | Edit requests | ✓ | ✓ | — | For full permission details, see [Role Management](/administration/role-management.md). *** ## Security Warnings {% hint style="warning" %} **Vendor-supplied SBOMs should be reviewed before acceptance.** A vendor may provide an incomplete, inaccurate, or outdated SBOM. Validate the content — check for complete component lists, proper identifiers, and correct version information — before accepting. {% endhint %} {% hint style="warning" %} **Upload links are sent via email.** Ensure you are sending requests to verified vendor contacts. The upload link allows anyone with access to it to upload a file. {% endhint %} *** ## Common Misconfigurations | Issue | Symptom | Fix | | -------------------------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------ | | Vendor did not receive the email | Request stays in "Pending" status | Verify the email address is correct; check the vendor's spam folder | | Upload link expired | Vendor reports link does not work | The link auto-renews when clicked; ask the vendor to click the expired link to receive a new one | | Wrong Product/Environment selected on accept | SBOM appears in unexpected location | Delete the ingested SBOM and re-accept with the correct target | | Vendor uploaded incorrect file | SBOM validation fails or content does not match | Contact the vendor and request a corrected SBOM upload | | No requests page visible | User cannot access the Requests page | Verify the user has "View requests" permission | *** ## Recommended Best Practices * **Include product name and version in requests.** This gives vendors clear context on what SBOM to provide and reduces back-and-forth. * **Follow up on pending requests** within a reasonable timeframe. Some vendors may need guidance on SBOM generation. * **Review vendor SBOMs before accepting.** Validate that the SBOM contains meaningful component data, proper identifiers (PURL/CPE), and matches the requested product. * **Accept into a dedicated Environment.** Consider accepting vendor SBOMs into a "vendor" or "third-party" Environment for separate tracking and policy evaluation. * **Run vulnerability scanning on accepted SBOMs.** Ensure "Run Vulnerability Scan" is enabled in the target Environment Settings so vendor components are scanned for known vulnerabilities. * **Establish a regular cadence for vendor SBOM collection.** Request updated SBOMs from critical vendors on a quarterly or release-based schedule. * **Track request fulfillment rates.** Monitor which vendors consistently provide SBOMs and which require follow-up, to improve your vendor management process. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.interlynk.io/product-guides/sbom-management/requests.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.