Compliance documents live on Document-type components. From Components, create a workspace-wide Document component (e.g. SOC 2 Type II Compliance), then upload the file with its version, document type, subcategory, and description.
Walkthrough
Uploading compliance documents
sbomify treats compliance documents - such as SOC 2 Type II reports, ISO 27001 certificates, CE certificates, and other attestations - as Document components. Like SBOM components they hold versioned artifacts, but their content is a PDF instead of an SBOM. Marking the component as workspace-wide means a single SOC 2 report can be linked into every project and product that needs it, without re-uploading.
To upload a compliance document:
- Navigate to Components in the workspace sidebar
- Click Add Component, name it (e.g.
SOC 2 Type II Compliance), set Type to Document, and tick Workspace-wide component, then submit - Open the new component and fill in the upload form: Version (e.g.
2024), Document Type (e.g.Compliance), Subcategory (e.g.SOC 2), and a short Description - Choose the file and click Save Document
The uploaded document appears in the component’s documents table and can be linked to any project or product that uses this component, and shared externally via your Trust Center.