Work with Cybersecurity¶
How to manage cybersecurity projects, upload bills of materials, track vulnerability metrics, and submit VEX documents
using the cs commands.
Browse projects¶
List all root projects and their subprojects:
Filter to a specific root project by exact name:
Inspect a specific project by UUID:
The detail view includes the parent project (if any), last BOM import timestamp, current risk score, and all direct subprojects.
Create a root project¶
Root projects act as parent folders, one per IoT model. Before uploading a BOM you need a root project whose name matches the model. If you upload a BOM and the root project does not exist yet, it is created automatically — but you can also create it explicitly:
This resolves the model gateway-v2 from PMS and creates the corresponding root project.
Upload a bill of materials¶
Upload a CycloneDX-compatible BOM file for a specific firmware version:
The CLI resolves the model from PMS, uses the firmware name as the subproject name, and the model name as the parent project name. The subproject is created automatically if it does not yet exist.
Preview what would be uploaded without sending:
Tip
Use tlm-cli pms models show MODEL_NAME to confirm the firmware name before uploading —
that name becomes the subproject name.
Check vulnerability metrics¶
Once a BOM has been processed, retrieve the CVE metrics for a project over a date range:
Dates must be in YYYYMMDD format. The output table shows daily snapshots with critical, high, medium, and low vulnerability
counts plus the inherited risk score.
To get the UUID of a specific firmware version project, use projects list or projects show.
Clone a project to a new version¶
When a new firmware version is released, clone an existing project rather than starting from scratch:
By default, the clone carries tags, components, the dependency graph, and audit history. Additional flags control what is copied:
# Also copy ACL entries
tlm-cli cs projects clone <uuid> --version "1.3.0" --include-acl
# Skip component data (useful for structural scaffolding only)
tlm-cli cs projects clone <uuid> --version "1.3.0" --no-components
# Mark the clone as the latest version
tlm-cli cs projects clone <uuid> --version "1.3.0" --make-latest
Cloning is asynchronous — the new project appears in cs projects list once the service has processed it
(usually within a few seconds).
After cloning, the new project lands at the root level. Move it under the correct parent:
Upload a VEX document¶
Upload a VEX document to suppress or contextualise known vulnerabilities. Target the project by UUID:
Or by name and version:
Preview without uploading:
See also