The automated duplication of SBOMs is best achieved by multiple uploads through the RestAPI where each SBOM is separated by different tag sets.
In the SBOM show page there is a button to Duplicate the SBOM. Below some examples of use cases for SBOM duplication:
Most software products include open-source components, and a vulnerability in any of these components could potentially impact multiple products. In SBOM Central, it's easy to analyze each product (SBOM) separately, enabling tailored decisions for each one.
Additionally, it's important to analyze individual products deployed in different environments, as a vulnerability might be critical in one scenario but less impactful in another. SBOM Central addresses this by allowing multiple SBOM uploads, with each upload assigned a unique tag.
Vulnerability analysis in SBOM Central is organized by tags, ensuring separate assessments for each individual SBOM.
This use case for duplication in short, means an opportunity to modify tags in order to achieve a separate analysis later.