Getting Started with Turbo Scan
This guide will walk you through the process of using Turbo Scan to generate an SBOM and analyze it for vulnerabilities.
Generating an SBOM
You can use Turbo Scan to generate an SBOM for either a container image (SVM) or the native host system.
Scanning a Container (SVM)
To scan a container image, specify the image name:
turbo scan <image_name> > sbom.json
Replace <image_name> with the name of the Turbo image you want to scan.
Scanning the Native System
To scan the native host system, use the --native flag:
turbo scan --native > sbom.json
This will generate an SBOM for the underlying operating system and all installed applications.
Sample Output
The generated sbom.json file will be in CycloneDX format. Below is a simplified example of the output:
    {
      "bomFormat": "CycloneDX",
      "specVersion": "1.4",
      "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
      "version": 1,
      "components": [
        {
          "type": "application",
          "name": "Example App",
          "version": "1.0.0"
        }
      ]
    }
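Because the scan output is captured with a shell redirect, the shell creates sbom.json even when the scan fails, so the file can be empty or not JSON at all. The following Python check is an added example, not part of Turbo Scan or its documentation: it verifies the fields shown in the sample above and lists the inventory the file contains, so you can review what it discloses before uploading it. The function name check_sbom and the sample input are assumptions made for illustration.

```python
import json
import re

# Shape of the urn:uuid serial number shown in the sample output above.
SERIAL_RE = re.compile(r"^urn:uuid:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def check_sbom(text):
    """Return (problems, inventory) for the text of an sbom.json file."""
    problems, inventory = [], []
    if not text.strip():
        return ["file is empty (the scan wrote nothing to stdout)"], inventory
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"], inventory
    if not isinstance(bom, dict):
        return ["top-level JSON value is not an object"], inventory
    if bom.get("bomFormat") != "CycloneDX":
        problems.append(f"bomFormat is {bom.get('bomFormat')!r}, expected 'CycloneDX'")
    if not bom.get("specVersion"):
        problems.append("specVersion is missing")
    serial = bom.get("serialNumber")
    if serial is not None and not SERIAL_RE.match(str(serial)):
        problems.append(f"serialNumber {serial!r} is not a urn:uuid value")
    components = bom.get("components")
    if not isinstance(components, list) or not components:
        problems.append("no components listed, so there is nothing to analyze")
        return problems, inventory
    for i, comp in enumerate(components):
        comp = comp if isinstance(comp, dict) else {}
        name, version = comp.get("name"), comp.get("version")
        # Without a version there is nothing to compare to affected-version ranges.
        if not name or not version:
            problems.append(f"components[{i}] ({name!r}) lacks a name or version")
        inventory.append((comp.get("type", "?"), name or "", version or ""))
    return problems, inventory


# Constructed sample input: the simplified example above plus one component
# whose version has been removed, to show the check firing.
SAMPLE = """{"bomFormat": "CycloneDX", "specVersion": "1.4",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1,
 "components": [{"type": "application", "name": "Example App", "version": "1.0.0"},
                {"type": "library", "name": "Example Lib"}]}"""

if __name__ == "__main__":
    print(*check_sbom(SAMPLE), sep="\n")
```

To check a real file, pass its contents, for example check_sbom(open("sbom.json").read()), and upload only when the returned problem list is empty.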
Analyzing the SBOM
Once you have generated the SBOM file, you can upload it to the Turbo.net Scan web service to get a detailed vulnerability report.
- Navigate to https://turbo.net/scan in your web browser.
- Upload the sbom.json file you created.
- The web service will analyze the SBOM and display a report of any found vulnerabilities.