# Uploading an SBOM

Uploading a Software Bill of Materials gives Seal a one-time view of the components in a built environment, without needing access to the source or the build pipeline. The Seal Project lands in [imported manifest discovery mode](/new-documentation/new-docs/package-discovery-mode/imported-manifest.md). The snapshot does not refresh.

SBOM uploads are useful for:

* Assessing a vendor-supplied component you are evaluating.
* Standing up a Seal Project quickly for an environment whose build you do not own.
* Auditing an existing artifact you have a generated SBOM for.

## Supported formats

* **CycloneDX** in JSON, identified by `"bomFormat": "CycloneDX"` in the file.
* **SPDX** in JSON, identified by an `"SPDXID"` field.

XML SBOMs are not accepted. If your tooling produces XML, regenerate or convert to JSON before uploading.
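A local pre-upload check built on the format markers listed above, as an added example (this is not Seal's detector, whose internals this page does not describe). The function names and sample SBOMs are constructed for illustration; `components` and `packages` are the standard CycloneDX and SPDX JSON arrays, counted here only as a sanity check that the file is not empty.

```python
import json

ACCEPTED = {"cyclonedx", "spdx"}

def detect_sbom_format(text: str) -> str:
    """Return 'cyclonedx', 'spdx', 'xml', 'not-json' or 'unknown'."""
    stripped = text.lstrip("\ufeff \t\r\n")  # tolerate a BOM and leading whitespace
    if stripped.startswith("<"):
        return "xml"  # XML SBOMs are not accepted: regenerate or convert to JSON
    try:
        doc = json.loads(stripped)
    except json.JSONDecodeError:
        return "not-json"
    if not isinstance(doc, dict):
        return "unknown"
    if doc.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    if "SPDXID" in doc:
        return "spdx"
    return "unknown"

def preflight(text: str) -> tuple[str, int, bool]:
    """Return (format, listed item count, accepted-for-upload)."""
    fmt = detect_sbom_format(text)
    if fmt not in ACCEPTED:
        return fmt, 0, False
    doc = json.loads(text.lstrip("\ufeff \t\r\n"))
    key = "components" if fmt == "cyclonedx" else "packages"
    items = doc.get(key) or []
    return fmt, len(items), True

# Constructed sample inputs (not real SBOMs).
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [{"type": "library", "name": "example-lib", "version": "1.0.0"}],
})
SPDX_SAMPLE = json.dumps({
    "SPDXID": "SPDXRef-DOCUMENT", "spdxVersion": "SPDX-2.3",
    "packages": [{"SPDXID": "SPDXRef-Package-a", "name": "example-a"},
                 {"SPDXID": "SPDXRef-Package-b", "name": "example-b"}],
})
XML_SAMPLE = '<?xml version="1.0"?><bom xmlns="http://cyclonedx.org/schema/bom/1.5"/>'

if __name__ == "__main__":
    for name, sample in [("cyclonedx", CYCLONEDX_SAMPLE), ("spdx", SPDX_SAMPLE),
                         ("xml", XML_SAMPLE), ("other", '{"name": "package.json"}')]:
        print(name, preflight(sample))
```

A count of 0 on an accepted format means the file parses but lists nothing to discover, which is worth catching before creating a Seal Project from it.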

## Steps

Follow the [shared Import from file flow](/new-documentation/new-docs/importing-manifests.md#the-shared-flow). Drag your `.json` SBOM onto the upload area; the detector reads the file's contents to identify the format.

## Verify

The new Seal Project appears on the Projects page in **Imported manifest** discovery mode. Discovered packages appear on the Protection page's Vulnerable packages tab as the parser finishes.

For ongoing remediation of an SBOM-described environment, plan to switch to a higher-reliability discovery mode once you have the access to do so. The SBOM upload is a snapshot; new commits or vulnerabilities discovered after the upload do not refresh it.

## Related

* [Importing manifests & SBOMs](/new-documentation/new-docs/importing-manifests.md): the parent overview.
* [Imported manifest mode](/new-documentation/new-docs/package-discovery-mode/imported-manifest.md): coverage and refresh behavior.

