Getting Started With Turbo Scan

Use this guide to generate an SBOM with turbo scan and upload it to the Turbo Scan service for vulnerability analysis.

What You'll Learn

How to create an SBOM from a Turbo image or the local desktop
How to save the SBOM output for reuse
How to upload the SBOM to get a vulnerability report

Prerequisites

Install the Turbo CLI and sign in to your Turbo account.
Decide where you want to save the SBOM file (for example, sbom.json in your workspace).

Generate an SBOM

Scan a Turbo Image

Run a scan against one or more Turbo images and write the CycloneDX output to a file:

bash

turbo scan my-image:latest --output-file=sbom.json

Scan the Local Desktop

Inventory the local desktop instead of a Turbo image:

bash

turbo scan --type=desktop --output-file=sbom.json

Use --depth=minimal|standard|comprehensive to control how deep the desktop scan goes, and --include-paths or --exclude-paths to fine-tune coverage.

Analyze the SBOM

Go to the Turbo Scan web service.
Upload your sbom.json file.
Review the vulnerability report and prioritize Critical and High findings first.

Next Steps

Review What Is an SBOM? to understand the format you generated.
See the full turbo scan reference for additional flags and examples.

Getting Started With Turbo Scan ​

Prerequisites ​

Generate an SBOM ​

Scan a Turbo Image ​

Scan the Local Desktop ​

Analyze the SBOM ​