From 1bf157600e08667c79f83baaf317f55d424b65e3 Mon Sep 17 00:00:00 2001
From: Abdul Kapti <abdul.mannankapti@siemens.com>
Date: Fri, 7 Aug 2020 11:14:09 +0530
Subject: [PATCH] feat(UI/REST): CycloneDX SBOM Importer & Exporter
 Signed-off-by: afsahsyeda <afsah.syeda@siemens-healhtineers.com>
 Signed-off-by: akapti <abdul.kapti@siemens-healthineers.com>

---
 backend/src-common/pom.xml                    |   8 +
 .../sw360/cyclonedx/CycloneDxBOMExporter.java | 294 +++++++++
 .../sw360/cyclonedx/CycloneDxBOMImporter.java | 560 ++++++++++++++++++
 .../db/ComponentDatabaseHandler.java          |  23 +-
 .../datahandler/db/ComponentRepository.java   |  56 +-
 .../datahandler/db/DatabaseHandlerUtil.java   |  30 +-
 .../db/ProjectDatabaseHandler.java            |  56 +-
 .../datahandler/db/ReleaseRepository.java     |  43 +-
 .../sw360/projects/ProjectHandler.java        |  25 +-
 frontend/sw360-portlet/pom.xml                |   4 +
 .../sw360/portal/common/PortalConstants.java  |   8 +-
 .../sw360/portal/common/PortletUtils.java     |   6 +
 .../portlets/projects/ProjectPortlet.java     | 102 +++-
 .../resources/css/components/_tooltips.scss   |  37 ++
 .../resources/html/admin/oauthclient/view.jsp |   2 +-
 .../includes/components/detailOverview.jspf   |   2 +-
 .../includes/components/editBasicInfo.jspf    |  40 +-
 .../includes/components/summary.jspf          |   4 +
 .../includes/releases/detailOverview.jspf     |   2 +-
 .../resources/html/components/view.jsp        |   2 +-
 .../projects/includes/detailOverview.jspf     | 192 +++++-
 .../includes/projects/clearingStatus.jsp      |   4 +-
 .../html/projects/includes/searchProjects.jsp |   4 +-
 .../META-INF/resources/html/projects/view.jsp |  12 +-
 .../META-INF/resources/html/search/view.jsp   |   2 +-
 .../html/utils/includes/attachmentsDetail.jsp | 147 ++++-
 .../html/utils/includes/importBom.jspf        | 281 +++++++--
 .../html/utils/includes/searchReleases.jsp    |   2 +-
 .../resources/js/utils/includes/clipboard.js  |  23 +-
 .../resources/content/Language.properties     | 104 +++-
 .../resources/content/Language_ja.properties  |  99 +++-
 .../resources/content/Language_vi.properties  | 100 +++-
 .../resources/content/Language_zh.properties  | 102 +++-
 .../sw360/portal/portlets/base.properties     |   2 +
 .../src/main/resources/sw360.properties       |  12 +
 libraries/datahandler/pom.xml                 |   4 +
 .../datahandler/common/SW360Constants.java    |  16 +
 .../sw360/datahandler/common/SW360Utils.java  |  48 +-
 .../datahandler/common/ThriftEnumUtils.java   |  15 +-
 .../src/main/thrift/components.thrift         |   2 +
 .../src/main/thrift/projects.thrift           |  15 +
 .../datahandler/src/main/thrift/sw360.thrift  |  11 +
 pom.xml                                       |  12 +-
 .../src/docs/asciidoc/projects.adoc           |  43 +-
 .../core/JacksonCustomizations.java           |   5 +-
 .../project/ProjectController.java            |  81 ++-
 .../project/Sw360ProjectService.java          |  16 +-
 .../restdocs/ProjectSpecTest.java             | 103 +++-
 48 files changed, 2522 insertions(+), 239 deletions(-)
 create mode 100644 backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMExporter.java
 create mode 100644 backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java

diff --git a/backend/src-common/pom.xml b/backend/src-common/pom.xml
index 9f8ce85d44..46b95cb588 100644
--- a/backend/src-common/pom.xml
+++ b/backend/src-common/pom.xml
@@ -55,5 +55,13 @@
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.cyclonedx</groupId>
+            <artifactId>cyclonedx-core-java</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.github.package-url</groupId>
+            <artifactId>packageurl-java</artifactId>
+        </dependency>
     </dependencies>
 </project>
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMExporter.java b/backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMExporter.java
new file mode 100644
index 0000000000..9e5c5f0521
--- /dev/null
+++ b/backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMExporter.java
@@ -0,0 +1,294 @@
+/*
+ * Copyright Siemens Healthineers GmBH, 2023. Part of the SW360 Portal Project.
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.sw360.cyclonedx;
+
+import java.io.IOException;
+import java.util.AbstractMap;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.stream.Collectors;
+
+import org.apache.jena.ext.com.google.common.collect.Sets;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.cyclonedx.exception.GeneratorException;
+import org.cyclonedx.generators.json.BomJsonGenerator14;
+import org.cyclonedx.generators.xml.BomXmlGenerator14;
+import org.cyclonedx.model.Bom;
+import org.cyclonedx.model.Component.Type;
+import org.cyclonedx.model.ExternalReference;
+import org.cyclonedx.model.License;
+import org.cyclonedx.model.LicenseChoice;
+import org.cyclonedx.model.Metadata;
+import org.cyclonedx.model.Tool;
+import org.eclipse.sw360.datahandler.common.CommonUtils;
+import org.eclipse.sw360.datahandler.common.SW360Constants;
+import org.eclipse.sw360.datahandler.common.SW360Utils;
+import org.eclipse.sw360.datahandler.db.ComponentDatabaseHandler;
+import org.eclipse.sw360.datahandler.db.ProjectDatabaseHandler;
+import org.eclipse.sw360.datahandler.thrift.CycloneDxComponentType;
+import org.eclipse.sw360.datahandler.thrift.RequestStatus;
+import org.eclipse.sw360.datahandler.thrift.RequestSummary;
+import org.eclipse.sw360.datahandler.thrift.SW360Exception;
+import org.eclipse.sw360.datahandler.thrift.ThriftClients;
+import org.eclipse.sw360.datahandler.thrift.components.Component;
+import org.eclipse.sw360.datahandler.thrift.components.Release;
+import org.eclipse.sw360.datahandler.thrift.projects.Project;
+import org.eclipse.sw360.datahandler.thrift.projects.ProjectService;
+import org.eclipse.sw360.datahandler.thrift.users.User;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.collect.Lists;
+
+/**
+ * CycloneDX BOM export implementation.
+ * Supports both XML and JSON format of CycloneDX SBOM
+ *
+ * @author abdul.kapti@siemens-healthineers.com
+ */
+public class CycloneDxBOMExporter {
+
+    private static final Logger log = LogManager.getLogger(CycloneDxBOMExporter.class);
+    private final ProjectDatabaseHandler projectDatabaseHandler;
+    private final ComponentDatabaseHandler componentDatabaseHandler;
+    private final User user;
+
+    public CycloneDxBOMExporter(ProjectDatabaseHandler projectDatabaseHandler, ComponentDatabaseHandler componentDatabaseHandler, User user) {
+        this.projectDatabaseHandler = projectDatabaseHandler;
+        this.componentDatabaseHandler = componentDatabaseHandler;
+        this.user = user;
+    }
+
+    public RequestSummary exportSbom(String projectId, String bomType, Boolean includeSubProjReleases, User user) {
+        final RequestSummary summary = new RequestSummary(RequestStatus.SUCCESS);
+        try {
+            Project project = projectDatabaseHandler.getProjectById(projectId, user);
+            Bom bom = new Bom();
+            Set<String> linkedReleaseIds = Sets.newHashSet(CommonUtils.getNullToEmptyKeyset(project.getReleaseIdToUsage()));
+
+            if (!SW360Utils.isUserAtleastDesiredRoleInPrimaryOrSecondaryGroup(user, SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE)) {
+                log.warn("User does not have permission to export the SBOM: " + user.getEmail());
+                summary.setRequestStatus(RequestStatus.ACCESS_DENIED);
+                return summary;
+            }
+
+            if (includeSubProjReleases && project.getLinkedProjectsSize() > 0) {
+                ProjectService.Iface client = new ThriftClients().makeProjectClient();
+                linkedReleaseIds.addAll(SW360Utils.getLinkedReleaseIdsOfAllSubProjectsAsFlatList(project, Sets.newHashSet(), Sets.newHashSet(), client, user));
+            }
+
+            if (CommonUtils.isNotEmpty(linkedReleaseIds)) {
+                List<Release> linkedReleases = componentDatabaseHandler.getReleasesByIds(linkedReleaseIds);
+                Set<String> componentIds = linkedReleases.stream().map(Release::getComponentId).filter(Objects::nonNull).collect(Collectors.toSet());
+                List<Component> components = componentDatabaseHandler.getComponentsByIds(componentIds);
+                List<org.cyclonedx.model.Component> sbomComponents = getCycloneDxComponentsFromSw360Releases(linkedReleases, components);
+                bom.setComponents(sbomComponents);
+            } else {
+                log.warn("Cannot export SBOM for project without linked releases: " + projectId);
+                summary.setRequestStatus(RequestStatus.FAILED_SANITY_CHECK);
+                return summary;
+            }
+
+            org.cyclonedx.model.Component metadataComp = getMetadataComponent(project);
+            Tool tool = getTool();
+            Metadata metadata = new Metadata();
+            metadata.setComponent(metadataComp);
+            metadata.setTimestamp(new Date());
+            metadata.setTools(Lists.newArrayList(tool));
+            bom.setMetadata(metadata);
+
+            if (SW360Constants.JSON_FILE_EXTENSION.equalsIgnoreCase(bomType)) {
+                BomJsonGenerator14 jsonBom = new BomJsonGenerator14(bom);
+                summary.setMessage(jsonBom.toJsonString());
+            } else {
+                BomXmlGenerator14 xmlBom = new BomXmlGenerator14(bom);
+                summary.setMessage(xmlBom.toXmlString());
+            }
+            return summary;
+        } catch (SW360Exception e) {
+            log.error(String.format("An error occured while fetching project: %s from db, for SBOM export!", projectId), e);
+            summary.setMessage("An error occured while fetching project from db, for SBOM export: " + e.getMessage());
+        } catch (GeneratorException e) {
+            log.error(String.format("An error occured while exporting xml SBOM for project with id: %s", projectId), e);
+            summary.setMessage("An error occured while exporting xml SBOM for project: " + e.getMessage());
+        } catch (Exception e) {
+            log.error("An error occured while exporting SBOm for project: " + projectId, e);
+            summary.setMessage("An error occured while exporting SBOM for project: " + e.getMessage());
+        }
+        summary.setRequestStatus(RequestStatus.FAILURE);
+        return summary;
+    }
+
+    private static Tool getTool() {
+        Tool tool = new Tool();
+        tool.setName(SW360Constants.TOOL_NAME);
+        tool.setVendor(SW360Constants.TOOL_VENDOR);
+        tool.setVersion(SW360Utils.getSW360Version());
+        return tool;
+    }
+
+    private org.cyclonedx.model.Component getMetadataComponent(Project project) {
+        org.cyclonedx.model.Component component = new org.cyclonedx.model.Component();
+        component.setAuthor(user.getEmail());
+        component.setDescription(CommonUtils.nullToEmptyString(project.getDescription()));
+        component.setName(project.getName());
+        component.setVersion(CommonUtils.nullToEmptyString(project.getVersion()));
+        component.setType(Type.APPLICATION);
+        component.setGroup(CommonUtils.nullToEmptyString(project.getBusinessUnit()));
+        return component;
+    }
+
+    private List<org.cyclonedx.model.Component> getCycloneDxComponentsFromSw360Releases(List<Release> releases, List<Component> components) {
+        List<org.cyclonedx.model.Component> comps = Lists.newArrayList();
+        Map<String, Component> compIdToComponentMap = components.stream()
+                .map(comp -> new AbstractMap.SimpleEntry<>(comp.getId(), comp))
+                .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue, (oldVal, newVal) -> newVal));
+        for (Release release : releases) {
+            Component sw360Comp = compIdToComponentMap.get(release.getComponentId());
+            org.cyclonedx.model.Component comp = new org.cyclonedx.model.Component();
+            comp.setName(release.getName());
+            comp.setVersion(release.getVersion());
+            comp.setDescription(CommonUtils.nullToEmptyString(sw360Comp.getDescription()));
+
+            // set package URL
+            Set<String> purlSet = new TreeSet<>();
+            if (!CommonUtils.isNullOrEmptyMap(release.getExternalIds())) {
+                if (release.getExternalIds().containsKey(SW360Constants.PACKAGE_URL)) {
+                    purlSet.addAll(getPurlFromSw360Document(release.getExternalIds(), SW360Constants.PACKAGE_URL));
+                }
+                if ( release.getExternalIds().containsKey(SW360Constants.PURL_ID)) {
+                    purlSet.addAll(getPurlFromSw360Document(release.getExternalIds(), SW360Constants.PURL_ID));
+                }
+            } else if (!CommonUtils.isNullOrEmptyMap(sw360Comp.getExternalIds())) {
+                if (sw360Comp.getExternalIds().containsKey(SW360Constants.PACKAGE_URL)) {
+                    purlSet.addAll(getPurlFromSw360Document(sw360Comp.getExternalIds(), SW360Constants.PACKAGE_URL));
+                }
+                if ( sw360Comp.getExternalIds().containsKey(SW360Constants.PURL_ID)) {
+                    purlSet.addAll(getPurlFromSw360Document(sw360Comp.getExternalIds(), SW360Constants.PURL_ID));
+                }
+            }
+            if (CommonUtils.isNotEmpty(purlSet)) {
+                comp.setPurl(String.join(", ", purlSet));
+            }
+
+            // set CycloneDx component type
+            if (sw360Comp.isSetCdxComponentType()) {
+                comp.setType(getCdxComponentType(sw360Comp.getCdxComponentType()));
+            }
+
+            // set vcs, website and mailing list
+            List<ExternalReference> extRefs = Lists.newArrayList();
+            if (null != release.getRepository() && null != release.getRepository().getUrl()) {
+                ExternalReference extRef = new ExternalReference();
+                extRef.setType(org.cyclonedx.model.ExternalReference.Type.VCS);
+                extRef.setUrl(release.getRepository().getUrl());
+                extRefs.add(extRef);
+            }
+            if (CommonUtils.isNotNullEmptyOrWhitespace(sw360Comp.getHomepage())) {
+                ExternalReference extRef = new ExternalReference();
+                extRef.setType(org.cyclonedx.model.ExternalReference.Type.WEBSITE);
+                extRef.setUrl(sw360Comp.getHomepage());
+                extRefs.add(extRef);
+            }
+            if (CommonUtils.isNotNullEmptyOrWhitespace(sw360Comp.getMailinglist())) {
+                ExternalReference extRef = new ExternalReference();
+                extRef.setType(org.cyclonedx.model.ExternalReference.Type.MAILING_LIST);
+                extRef.setUrl(sw360Comp.getMailinglist());
+                extRefs.add(extRef);
+            }
+            if (CommonUtils.isNotNullEmptyOrWhitespace(sw360Comp.getWiki())) {
+                ExternalReference extRef = new ExternalReference();
+                extRef.setType(org.cyclonedx.model.ExternalReference.Type.SUPPORT);
+                extRef.setUrl(sw360Comp.getWiki());
+                extRefs.add(extRef);
+            }
+            if (CommonUtils.isNotEmpty(extRefs)) {
+                comp.setExternalReferences(extRefs);
+            }
+
+            // set licenses
+            Set<String> licenses = Sets.newHashSet();
+            if (CommonUtils.isNotEmpty(release.getMainLicenseIds())) {
+                licenses.addAll(release.getMainLicenseIds());
+            }
+            if (CommonUtils.isNotEmpty(release.getOtherLicenseIds())) {
+                licenses.addAll(release.getOtherLicenseIds());
+            }
+            if (CommonUtils.isNotEmpty(sw360Comp.getMainLicenseIds())) {
+                licenses.addAll(sw360Comp.getMainLicenseIds());
+            }
+            if (CommonUtils.isNotEmpty(licenses)) {
+                comp.setLicenseChoice(getLicenseFromSw360Document(licenses));
+            }
+
+            comps.add(comp);
+        }
+        return comps;
+    }
+
+
+    private LicenseChoice getLicenseFromSw360Document(Set<String> sw360Licenses) {
+        LicenseChoice licenseChoice = new LicenseChoice();
+        List<License> licenses = Lists.newArrayList();
+        for (String lic : sw360Licenses) {
+            License license = new License();
+            license.setId(lic);
+            licenses.add(license);
+        }
+        licenseChoice.setLicenses(licenses);
+        return licenseChoice;
+    }
+
+    private org.cyclonedx.model.Component.Type getCdxComponentType(CycloneDxComponentType compType) {
+        switch (compType) {
+        case APPLICATION:
+            return org.cyclonedx.model.Component.Type.APPLICATION;
+        case CONTAINER:
+            return org.cyclonedx.model.Component.Type.CONTAINER;
+        case DEVICE:
+            return org.cyclonedx.model.Component.Type.DEVICE;
+        case FILE:
+            return org.cyclonedx.model.Component.Type.FILE;
+        case FIRMWARE:
+            return org.cyclonedx.model.Component.Type.FIRMWARE;
+        case FRAMEWORK:
+            return org.cyclonedx.model.Component.Type.FRAMEWORK;
+        case LIBRARY:
+            return org.cyclonedx.model.Component.Type.LIBRARY;
+        case OPERATING_SYSTEM:
+            return org.cyclonedx.model.Component.Type.OPERATING_SYSTEM;
+        default:
+            return null;
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    private Set<String> getPurlFromSw360Document(Map<String, String> externalIds, String key) {
+        String existingPurl = CommonUtils.nullToEmptyMap(externalIds).getOrDefault(key, "");
+        Set<String> purlSet = Sets.newHashSet();
+        if (CommonUtils.isNotNullEmptyOrWhitespace(existingPurl)) {
+            ObjectMapper mapper = new ObjectMapper();
+            try {
+                if (existingPurl.equals(SW360Constants.NULL_STRING)) {
+                    purlSet.add(SW360Constants.NULL_STRING);
+                } else {
+                    purlSet = mapper.readValue(existingPurl, Set.class);
+                }
+            } catch (IOException e) {
+                purlSet.add(existingPurl);
+            }
+        }
+        return purlSet;
+    }
+}
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java b/backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java
new file mode 100644
index 0000000000..2f2288da82
--- /dev/null
+++ b/backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java
@@ -0,0 +1,560 @@
+/*
+ * Copyright Siemens Healthineers GmBH, 2023. Part of the SW360 Portal Project.
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.sw360.cyclonedx;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.nio.charset.Charset;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.thrift.TException;
+import org.cyclonedx.exception.ParseException;
+import org.cyclonedx.model.Bom;
+import org.cyclonedx.model.ExternalReference;
+import org.cyclonedx.model.ExternalReference.Type;
+import org.cyclonedx.model.Metadata;
+import org.cyclonedx.parsers.JsonParser;
+import org.cyclonedx.parsers.Parser;
+import org.cyclonedx.parsers.XmlParser;
+import org.eclipse.sw360.commonIO.AttachmentFrontendUtils;
+import org.eclipse.sw360.datahandler.common.CommonUtils;
+import org.eclipse.sw360.datahandler.common.SW360Constants;
+import org.eclipse.sw360.datahandler.common.SW360Utils;
+import org.eclipse.sw360.datahandler.common.ThriftEnumUtils;
+import org.eclipse.sw360.datahandler.couchdb.AttachmentConnector;
+import org.eclipse.sw360.datahandler.db.ComponentDatabaseHandler;
+import org.eclipse.sw360.datahandler.db.ProjectDatabaseHandler;
+import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestStatus;
+import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestSummary;
+import org.eclipse.sw360.datahandler.thrift.CycloneDxComponentType;
+import org.eclipse.sw360.datahandler.thrift.MainlineState;
+import org.eclipse.sw360.datahandler.thrift.ProjectReleaseRelationship;
+import org.eclipse.sw360.datahandler.thrift.ReleaseRelationship;
+import org.eclipse.sw360.datahandler.thrift.RequestStatus;
+import org.eclipse.sw360.datahandler.thrift.RequestSummary;
+import org.eclipse.sw360.datahandler.thrift.SW360Exception;
+import org.eclipse.sw360.datahandler.thrift.Visibility;
+import org.eclipse.sw360.datahandler.thrift.attachments.Attachment;
+import org.eclipse.sw360.datahandler.thrift.attachments.AttachmentContent;
+import org.eclipse.sw360.datahandler.thrift.attachments.AttachmentType;
+import org.eclipse.sw360.datahandler.thrift.attachments.CheckStatus;
+import org.eclipse.sw360.datahandler.thrift.components.Component;
+import org.eclipse.sw360.datahandler.thrift.components.ComponentType;
+import org.eclipse.sw360.datahandler.thrift.components.Release;
+import org.eclipse.sw360.datahandler.thrift.components.Repository;
+import org.eclipse.sw360.datahandler.thrift.components.RepositoryType;
+import org.eclipse.sw360.datahandler.thrift.projects.Project;
+import org.eclipse.sw360.datahandler.thrift.projects.ProjectType;
+import org.eclipse.sw360.datahandler.thrift.users.User;
+
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.github.jsonldjava.shaded.com.google.common.io.Files;
+import com.github.packageurl.MalformedPackageURLException;
+import com.github.packageurl.PackageURL;
+import com.google.common.net.MediaType;
+import com.google.gson.Gson;
+
+/**
+ * CycloneDX BOM import implementation.
+ * Supports both XML and JSON format of CycloneDX SBOM
+ *
+ * @author abdul.kapti@siemens-healthineers.com
+ */
+public class CycloneDxBOMImporter {
+    private static final Logger log = LogManager.getLogger(CycloneDxBOMImporter.class);
+    private static final String DOT = ".";
+    private static final String HYPHEN = "-";
+    private static final String JOINER = "||";
+    private static final String COLON_REGEX = "[:,\\s]";
+    private static final String COMP_CREATION_COUNT_KEY = "compCreationCount";
+    private static final String COMP_REUSE_COUNT_KEY = "compReuseCount";
+    private static final String REL_CREATION_COUNT_KEY = "relCreationCount";
+    private static final String REL_REUSE_COUNT_KEY = "relReuseCount";
+    private static final String DUPLICATE_COMPONENT = "dupComp";
+    private static final String DUPLICATE_RELEASE = "dupRel";
+    private static final String INVALID_RELEASE = "invalidRel";
+    private static final String PROJECT_ID = "projectId";
+    private static final String PROJECT_NAME = "projectName";
+
+    private final ProjectDatabaseHandler projectDatabaseHandler;
+    private final ComponentDatabaseHandler componentDatabaseHandler;
+    private final User user;
+    private final AttachmentConnector attachmentConnector;
+
+    public CycloneDxBOMImporter(ProjectDatabaseHandler projectDatabaseHandler, ComponentDatabaseHandler componentDatabaseHandler,
+            AttachmentConnector attachmentConnector, User user) {
+        this.projectDatabaseHandler = projectDatabaseHandler;
+        this.componentDatabaseHandler = componentDatabaseHandler;
+        this.attachmentConnector = attachmentConnector;
+        this.user = user;
+    }
+
+    @SuppressWarnings("unchecked")
+    public RequestSummary importFromBOM(InputStream inputStream, AttachmentContent attachmentContent, String projectId, User user) {
+        RequestSummary requestSummary = new RequestSummary();
+        Map<String, String> messageMap = new HashMap<>();
+        requestSummary.setRequestStatus(RequestStatus.FAILURE);
+        String fileExtension = Files.getFileExtension(attachmentContent.getFilename());
+        Parser parser;
+
+        if (!SW360Utils.isUserAtleastDesiredRoleInPrimaryOrSecondaryGroup(user, SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE)) {
+            log.warn("User does not have permission to import the SBOM: " + user.getEmail());
+            requestSummary.setMessage(SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE.name());
+            requestSummary.setRequestStatus(RequestStatus.ACCESS_DENIED);
+            return requestSummary;
+        }
+
+        if (fileExtension.equalsIgnoreCase(SW360Constants.XML_FILE_EXTENSION)) {
+            parser = new XmlParser();
+        } else if (fileExtension.equalsIgnoreCase(SW360Constants.JSON_FILE_EXTENSION)) {
+            parser = new JsonParser();
+        } else {
+            requestSummary.setMessage(String.format("Invalid file format <b>%s</b>. Only XML & JSON SBOM are supported by CycloneDX!", fileExtension));
+            return requestSummary;
+        }
+
+        try {
+            // parsing the input stream into CycloneDx org.cyclonedx.model.Bom
+            Bom bom = parser.parse(IOUtils.toByteArray(inputStream));
+            Metadata bomMetadata = bom.getMetadata();
+
+            // Getting List of org.cyclonedx.model.Component from the Bom
+            List<org.cyclonedx.model.Component> components = CommonUtils.nullToEmptyList(bom.getComponents());
+
+            org.cyclonedx.model.Component compMetadata = bomMetadata.getComponent();
+            Map<String, List<org.cyclonedx.model.Component>> vcsToComponentMap = new HashMap<>();
+
+            vcsToComponentMap.put("", components);
+            requestSummary = importSbomAsProject(compMetadata, vcsToComponentMap, projectId, attachmentContent);
+
+            if (RequestStatus.SUCCESS.equals(requestSummary.getRequestStatus())) {
+                String jsonMessage = requestSummary.getMessage();
+                messageMap = new Gson().fromJson(jsonMessage, Map.class);
+                String projId = messageMap.get("projectId");
+                Project project = projectDatabaseHandler.getProjectById(projId, user);
+                try {
+                    // link SBOM attachment to Project
+                    if (attachmentContent != null) {
+                        Attachment attachment = makeAttachmentFromContent(attachmentContent);
+                        project.addToAttachments(attachment);
+                    }
+                    RequestStatus updateStatus = projectDatabaseHandler.updateProject(project, user, true);
+                    if (RequestStatus.SUCCESS.equals(updateStatus)) {
+                        log.info("SBOM attachment linked to project successfully: " + project.getId());
+                    } else {
+                        log.info("failed to link SBOM Import status attachment to project with status: " + updateStatus);
+                    }
+                    messageMap.put("result", requestSummary.getRequestStatus().toString());
+                    messageMap.put("fileName", attachmentContent.getFilename());
+                    final StringBuilder fileName = new StringBuilder(attachmentContent.getFilename())
+                            .append("_ImportStatus_").append(SW360Utils.getCreatedOnTime().replaceAll(COLON_REGEX, HYPHEN)).append(DOT).append(SW360Constants.JSON_FILE_EXTENSION);
+                    final InputStream inStream = IOUtils.toInputStream(convertCollectionToJSONString(messageMap), Charset.defaultCharset());
+                    final AttachmentContent importResultAttachmentContent = makeAttachmentContent(fileName.toString(), MediaType.JSON_UTF_8.toString());
+                    Attachment attachment = new AttachmentFrontendUtils().uploadAttachmentContent(importResultAttachmentContent, inStream, user);
+                    attachment.setAttachmentType(AttachmentType.OTHER);
+                    StringBuilder comment = new StringBuilder("Auto Generated: CycloneDX SBOM import result for: '").append(attachmentContent.getFilename()).append("'");
+                    attachment.setCreatedComment(comment.toString());
+                    attachment.setSha1(attachmentConnector.getSha1FromAttachmentContentId(importResultAttachmentContent.getId()));
+                    project = projectDatabaseHandler.getProjectById(projId, user);
+                    project.addToAttachments(attachment);
+                    updateStatus = projectDatabaseHandler.updateProject(project, user, true);
+                    if (RequestStatus.SUCCESS.equals(updateStatus)) {
+                        log.info("SBOM Import status attachment linked to project successfully: " + project.getId());
+                    } else {
+                        log.info("failed to link SBOM Import status attachment to project with status: " + updateStatus);
+                    }
+                } catch (SW360Exception e) {
+                    log.error("An error occured while updating project from SBOM: " + e.getMessage());
+                    requestSummary.setMessage("An error occured while updating project during SBOM import, please delete the project and re-import SBOM!");
+                    return requestSummary;
+                }
+            }
+
+        } catch (IOException e) {
+            log.error("IOException occured while importing CycloneDX SBoM: ", e);
+            requestSummary.setMessage("IOException occured while importing CycloneDX SBoM: " + e.getMessage());
+        } catch (ParseException e) {
+            log.error("ParseException occured while importing CycloneDX SBoM: ", e);
+            requestSummary.setMessage("ParseException occured while importing CycloneDX SBoM: " + e.getMessage());
+        } catch (SW360Exception e) {
+            log.error("SW360Exception occured while importing CycloneDX SBoM: ", e);
+            requestSummary.setMessage("SW360Exception occured while importing CycloneDX SBoM: " + e.getMessage());
+        } catch (Exception e) {
+            log.error("Exception occured while importing CycloneDX SBoM: ", e);
+            requestSummary.setMessage("An Exception occured while importing CycloneDX SBoM: " + e.getMessage());
+        }
+        return requestSummary;
+    }
+
+    public RequestSummary importSbomAsProject(org.cyclonedx.model.Component compMetadata,
+            Map<String, List<org.cyclonedx.model.Component>> vcsToComponentMap, String projectId, AttachmentContent attachmentContent)
+                    throws SW360Exception {
+        final RequestSummary summary = new RequestSummary();
+        summary.setRequestStatus(RequestStatus.FAILURE);
+
+        Project project;
+        AddDocumentRequestSummary projectAddSummary = new AddDocumentRequestSummary();
+        AddDocumentRequestStatus addStatus = projectAddSummary.getRequestStatus();
+        Map<String, String> messageMap = new HashMap<>();
+
+        try {
+            if (CommonUtils.isNotNullEmptyOrWhitespace(projectId)) {
+                project = projectDatabaseHandler.getProjectById(projectId, user);
+                Project sBomProject = createProject(compMetadata);
+                if (!(sBomProject.getName().equalsIgnoreCase(project.getName()) && sBomProject.getVersion().equalsIgnoreCase(project.getVersion()))) {
+                    log.warn("cannot import SBOM with different metadata information than the current project!");
+                    summary.setRequestStatus(RequestStatus.FAILED_SANITY_CHECK);
+                    messageMap.put(PROJECT_NAME, SW360Utils.getVersionedName(sBomProject.getName(), sBomProject.getVersion()));
+                    summary.setMessage(convertCollectionToJSONString(messageMap));
+                    return summary;
+                }
+                log.info("reusing existing project: " + projectId);
+            } else {
+                // Metadata component is used to created the project
+                project = createProject(compMetadata);
+                projectAddSummary = projectDatabaseHandler.addProject(project, user);
+                addStatus = projectAddSummary.getRequestStatus();
+
+                if (CommonUtils.isNotNullEmptyOrWhitespace(projectAddSummary.getId())) {
+                    if (AddDocumentRequestStatus.SUCCESS.equals(addStatus)) {
+                        project = projectDatabaseHandler.getProjectById(projectAddSummary.getId(), user);
+                        log.info("project created successfully: " + projectAddSummary.getId());
+                    } else if (AddDocumentRequestStatus.DUPLICATE.equals(addStatus)) {
+                        log.warn("cannot import SBOM for an existing project from Project List / Home page - " + projectAddSummary.getId());
+                        summary.setRequestStatus(getRequestStatusFromAddDocRequestStatus(addStatus));
+                        messageMap.put(PROJECT_ID, projectAddSummary.getId());
+                        messageMap.put(PROJECT_NAME, SW360Utils.getVersionedName(project.getName(), project.getVersion()));
+                        summary.setMessage(convertCollectionToJSONString(messageMap));
+                        return summary;
+                    }
+                } else {
+                    summary.setRequestStatus(getRequestStatusFromAddDocRequestStatus(addStatus));
+                    summary.setMessage("Invalid Projct metadata present in SBOM or Multiple project with same name and version is already present in SW360!");
+                    return summary;
+                }
+
+            }
+        } catch (SW360Exception e) {
+            log.error("An error occured while importing project from SBOM: " + e.getMessage());
+            summary.setMessage("An error occured while importing project from SBOM!");
+            return summary;
+        }
+
+        messageMap = importAllComponentsAsReleases(vcsToComponentMap, project);
+        RequestStatus updateStatus = projectDatabaseHandler.updateProject(project, user, true);
+        if (RequestStatus.SUCCESS.equals(updateStatus)) {
+            log.info("project updated successfully: " + project.getId());
+        } else {
+            log.info("failed to update project with status: " + updateStatus);
+        }
+        summary.setMessage(convertCollectionToJSONString(messageMap));
+        summary.setRequestStatus(RequestStatus.SUCCESS);
+        return summary;
+    }
+
+    private Map<String, String> importAllComponentsAsReleases(Map<String, List<org.cyclonedx.model.Component>> vcsToComponentMap, Project project) {
+
+        final var countMap = new HashMap<String, Integer>();
+        final Set<String> duplicateComponents = new HashSet<>();
+        final Set<String> duplicateReleases = new HashSet<>();
+        final Set<String> invalidReleases = new HashSet<>();
+        final Map<String, ProjectReleaseRelationship> releaseRelationMap = CommonUtils.isNullOrEmptyMap(project.getReleaseIdToUsage()) ? new HashMap<>() : project.getReleaseIdToUsage();
+        countMap.put(COMP_CREATION_COUNT_KEY, 0); countMap.put(COMP_REUSE_COUNT_KEY, 0);
+        countMap.put(REL_CREATION_COUNT_KEY, 0); countMap.put(REL_REUSE_COUNT_KEY, 0);
+        int compCreationCount = 0, compReuseCount = 0, relCreationCount = 0, relReuseCount = 0;
+
+        final List<org.cyclonedx.model.Component> components = vcsToComponentMap.get("");
+        for (org.cyclonedx.model.Component bomComp : components) {
+            Component comp = createComponent(bomComp);
+            if (CommonUtils.isNullEmptyOrWhitespace(comp.getName()) ) {
+                log.error("component name is not present in SBoM: " + project.getId());
+                continue;
+            }
+            String relName = "";
+            AddDocumentRequestSummary compAddSummary;
+            try {
+                compAddSummary = componentDatabaseHandler.addComponent(comp, user.getEmail());
+
+                if (CommonUtils.isNotNullEmptyOrWhitespace(compAddSummary.getId())) {
+                    comp.setId(compAddSummary.getId());
+                    if (AddDocumentRequestStatus.SUCCESS.equals(compAddSummary.getRequestStatus())) {
+                        compCreationCount++;
+                    } else {
+                        compReuseCount++;
+                    }
+                } else {
+                    // in case of more than 1 duplicate found, then continue and show error message in UI.
+                    log.warn("found multiple components: " + comp.getName());
+                    duplicateComponents.add(comp.getName());
+                    continue;
+                }
+
+                Release release = new Release();
+                Set<String> licenses = getLicenseFromBomComponent(bomComp);
+                release = createRelease(bomComp, comp, licenses);
+                if (CommonUtils.isNullEmptyOrWhitespace(release.getVersion()) ) {
+                    log.error("release version is not present in SBoM for component: " + comp.getName());
+                    invalidReleases.add(comp.getName());
+                    continue;
+                }
+                relName = SW360Utils.getVersionedName(release.getName(), release.getVersion());
+
+                try {
+                    AddDocumentRequestSummary relAddSummary = componentDatabaseHandler.addRelease(release, user);
+                    if (CommonUtils.isNotNullEmptyOrWhitespace(relAddSummary.getId())) {
+                        release.setId(relAddSummary.getId());
+                        if (AddDocumentRequestStatus.SUCCESS.equals(relAddSummary.getRequestStatus())) {
+                            relCreationCount++;
+                        } else {
+                            relReuseCount++;
+                        }
+                    } else {
+                        // in case of more than 1 duplicate found, then continue and show error message in UI.
+                        log.warn("found multiple releases: " + relName);
+                        duplicateReleases.add(relName);
+                        continue;
+                    }
+                    releaseRelationMap.putIfAbsent(release.getId(), getDefaultRelation());
+                } catch (SW360Exception e) {
+                    log.error("An error occured while creating/adding release from SBOM: " + e.getMessage());
+                    continue;
+                }
+
+                // update components specific fields
+                comp = componentDatabaseHandler.getComponent(compAddSummary.getId(), user);
+                if (null != bomComp.getType() && null == comp.getCdxComponentType()) {
+                    comp.setCdxComponentType(getCdxComponentType(bomComp.getType()));
+                }
+                StringBuilder description = new StringBuilder();
+                if (CommonUtils.isNullEmptyOrWhitespace(comp.getDescription()) && CommonUtils.isNotNullEmptyOrWhitespace(bomComp.getDescription())) {
+                    description.append(bomComp.getDescription().trim());
+                } else if (CommonUtils.isNotNullEmptyOrWhitespace(bomComp.getDescription())) {
+                    description.append(" || ").append(bomComp.getDescription().trim());
+                }
+                if (CommonUtils.isNotEmpty(comp.getMainLicenseIds())) {
+                    comp.getMainLicenseIds().addAll(licenses);
+                } else {
+                    comp.setMainLicenseIds(licenses);
+                }
+                for (ExternalReference extRef : CommonUtils.nullToEmptyList(bomComp.getExternalReferences())) {
+                    if (Type.WEBSITE.equals(extRef.getType()) && CommonUtils.isNullEmptyOrWhitespace(comp.getHomepage())) {
+                        comp.setHomepage(CommonUtils.nullToEmptyString(extRef.getUrl()));
+                    } else if (Type.MAILING_LIST.equals(extRef.getType()) && CommonUtils.isNullEmptyOrWhitespace(comp.getMailinglist())) {
+                        comp.setMailinglist(CommonUtils.nullToEmptyString(extRef.getUrl()));
+                    } else if (Type.SUPPORT.equals(extRef.getType()) && CommonUtils.isNullEmptyOrWhitespace(comp.getWiki())) {
+                        comp.setWiki(CommonUtils.nullToEmptyString(extRef.getUrl()));
+                    }
+                }
+                comp.setDescription(description.toString());
+                RequestStatus updateStatus = componentDatabaseHandler.updateComponent(comp, user, true);
+                if (RequestStatus.SUCCESS.equals(updateStatus)) {
+                    log.info("updating component successfull: " + comp.getName());
+                }
+            } catch (SW360Exception e) {
+                log.error("An error occured while creating/adding component from SBOM: " + e.getMessage());
+                continue;
+            }
+        }
+
+        project.setReleaseIdToUsage(releaseRelationMap);
+        final Map<String, String> messageMap = new HashMap<>();
+        messageMap.put(DUPLICATE_COMPONENT, String.join(JOINER, duplicateComponents));
+        messageMap.put(DUPLICATE_RELEASE, String.join(JOINER, duplicateReleases));
+        messageMap.put(INVALID_RELEASE, String.join(JOINER, invalidReleases));
+        messageMap.put(PROJECT_ID, project.getId());
+        messageMap.put(PROJECT_NAME, SW360Utils.getVersionedName(project.getName(), project.getVersion()));
+        messageMap.put(COMP_CREATION_COUNT_KEY, String.valueOf(compCreationCount));
+        messageMap.put(COMP_REUSE_COUNT_KEY, String.valueOf(compReuseCount));
+        messageMap.put(REL_CREATION_COUNT_KEY, String.valueOf(relCreationCount));
+        messageMap.put(REL_REUSE_COUNT_KEY, String.valueOf(relReuseCount));
+        return messageMap;
+    }
+
+
+    private Set<String> getLicenseFromBomComponent(org.cyclonedx.model.Component comp) {
+        Set<String> licenses = new HashSet<>();
+        if ((null != comp.getLicenseChoice() && CommonUtils.isNotEmpty(comp.getLicenseChoice().getLicenses()))) {
+            licenses.addAll(comp.getLicenseChoice().getLicenses().stream()
+                    .map(lic -> (null == lic.getId()) ? lic.getName() : lic.getId())
+                    .filter(lic -> (null != lic && !SW360Constants.NO_ASSERTION.equalsIgnoreCase(lic)))
+                    .collect(Collectors.toSet()));
+        }
+        if (null != comp.getEvidence() && null != comp.getEvidence().getLicenseChoice()
+                && CommonUtils.isNotEmpty(comp.getEvidence().getLicenseChoice().getLicenses())) {
+            licenses.addAll(comp.getEvidence().getLicenseChoice().getLicenses().stream()
+                    .map(lic -> (null == lic.getId()) ? lic.getName() : lic.getId())
+                    .filter(lic -> (null != lic && !SW360Constants.NO_ASSERTION.equalsIgnoreCase(lic)))
+                    .collect(Collectors.toSet()));
+        }
+        return licenses;
+    }
+
+    private String convertCollectionToJSONString(Map<String, String> map) throws SW360Exception {
+        try {
+            JsonFactory factory = new JsonFactory();
+            StringWriter jsonObjectWriter = new StringWriter();
+            JsonGenerator jsonGenerator = factory.createGenerator(jsonObjectWriter);
+            jsonGenerator.useDefaultPrettyPrinter();
+            jsonGenerator.writeStartObject();
+            for (Map.Entry<String, String> entry : map.entrySet()) {
+                jsonGenerator.writeStringField(entry.getKey(), entry.getValue());
+            }
+            jsonGenerator.writeEndObject();
+            jsonGenerator.close();
+            return jsonObjectWriter.toString();
+        } catch (IOException e) {
+            throw new SW360Exception("An exception occured while generating JSON info for BOM import! " + e.getMessage());
+        }
+    }
+
+    private RequestStatus getRequestStatusFromAddDocRequestStatus(AddDocumentRequestStatus status) {
+        switch (status) {
+            case SUCCESS:
+                return RequestStatus.SUCCESS;
+            case DUPLICATE:
+                return RequestStatus.DUPLICATE;
+            case NAMINGERROR:
+                return RequestStatus.NAMINGERROR;
+            case INVALID_INPUT:
+                return RequestStatus.INVALID_INPUT;
+            default:
+                return RequestStatus.FAILURE;
+        }
+    }
+
+    private AttachmentContent makeAttachmentContent(String filename, String contentType) {
+        AttachmentContent attachment = new AttachmentContent()
+                .setContentType(contentType)
+                .setFilename(filename)
+                .setOnlyRemote(false);
+        return makeAttachmentContent(attachment);
+    }
+
+    private AttachmentContent makeAttachmentContent(AttachmentContent content) {
+        try {
+            return new AttachmentFrontendUtils().makeAttachmentContent(content);
+        } catch (TException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private Attachment makeAttachmentFromContent(AttachmentContent attachmentContent) {
+        Attachment attachment = new Attachment();
+        attachment.setAttachmentContentId(attachmentContent.getId());
+        attachment.setAttachmentType(AttachmentType.SBOM);
+        StringBuilder comment = new StringBuilder("Auto Generated: Used for importing CycloneDX SBOM.");
+        attachment.setCreatedComment(comment.toString());
+        attachment.setFilename(attachmentContent.getFilename());
+        attachment.setCreatedOn(SW360Utils.getCreatedOn());
+        attachment.setCreatedBy(user.getEmail());
+        attachment.setCreatedTeam(user.getDepartment());
+        attachment.setCheckStatus(CheckStatus.NOTCHECKED);
+        return attachment;
+    }
+
+    private Project createProject(org.cyclonedx.model.Component compMetadata) {
+        return new Project(CommonUtils.nullToEmptyString(compMetadata.getName()).trim())
+                .setVersion(CommonUtils.nullToEmptyString(compMetadata.getVersion()).trim())
+                .setDescription(CommonUtils.nullToEmptyString(compMetadata.getDescription()).trim()).setType(ThriftEnumUtils.enumToString(ProjectType.PRODUCT))
+                .setBusinessUnit(user.getDepartment()).setVisbility(Visibility.EVERYONE);
+    }
+
+    private Component createComponent(org.cyclonedx.model.Component componentFromBom) {
+        Component component = new Component();
+        component.setName(CommonUtils.nullToEmptyString(componentFromBom.getName()).trim());
+        component.setComponentType(ComponentType.OSS);
+        if (null != componentFromBom.getType()) {
+            component.setCdxComponentType(getCdxComponentType(componentFromBom.getType()));
+        }
+
+        for (ExternalReference extRef : CommonUtils.nullToEmptyList(componentFromBom.getExternalReferences())) {
+            if (Type.WEBSITE.equals(extRef.getType())) {
+                component.setHomepage(CommonUtils.nullToEmptyString(extRef.getUrl()));
+            } else if (Type.MAILING_LIST.equals(extRef.getType())) {
+                component.setMailinglist(CommonUtils.nullToEmptyString(extRef.getUrl()));
+            } else if (Type.SUPPORT.equals(extRef.getType())) {
+                component.setWiki(CommonUtils.nullToEmptyString(extRef.getUrl()));
+            }
+        }
+        return component;
+    }
+
+    private CycloneDxComponentType getCdxComponentType(org.cyclonedx.model.Component.Type compType) {
+        switch (compType) {
+        case APPLICATION:
+            return CycloneDxComponentType.APPLICATION;
+        case CONTAINER:
+            return CycloneDxComponentType.CONTAINER;
+        case DEVICE:
+            return CycloneDxComponentType.DEVICE;
+        case FILE:
+            return CycloneDxComponentType.FILE;
+        case FIRMWARE:
+            return CycloneDxComponentType.FIRMWARE;
+        case FRAMEWORK:
+            return CycloneDxComponentType.FRAMEWORK;
+        case LIBRARY:
+            return CycloneDxComponentType.LIBRARY;
+        case OPERATING_SYSTEM:
+            return CycloneDxComponentType.OPERATING_SYSTEM;
+        default:
+            return null;
+        }
+    }
+
+    private Release createRelease(org.cyclonedx.model.Component componentFromBom, Component component, Set<String> licenses) {
+        Release release = new Release(component.getName(), CommonUtils.nullToEmptyString(componentFromBom.getVersion()).trim(), component.getId());
+        release.setCreatorDepartment(user.getDepartment());
+        if (release.isSetMainLicenseIds()) {
+            release.getMainLicenseIds().addAll(licenses);
+        } else {
+            release.setMainLicenseIds(licenses);
+        }
+        if (CommonUtils.isNotNullEmptyOrWhitespace(componentFromBom.getPurl())) {
+            String purl = componentFromBom.getPurl();
+            try {
+                purl = purl.toLowerCase().trim();
+                new PackageURL(purl);
+                Map<String, String> externalIds = new HashMap<>();
+                externalIds.put(SW360Constants.PACKAGE_URL, purl);
+                release.setExternalIds(externalIds);
+            } catch (MalformedPackageURLException e) {
+                log.error("Malformed PURL for component: " + componentFromBom.getName(), e);
+            }
+        }
+        for (ExternalReference extRef : CommonUtils.nullToEmptyList(componentFromBom.getExternalReferences())) {
+            if (Type.VCS.equals(extRef.getType())) {
+                String repoUrl = CommonUtils.nullToEmptyString(extRef.getUrl());
+                Repository repo = new Repository(repoUrl);
+                if (repoUrl.toLowerCase().contains("github")) {
+                    repo.setRepositorytype(RepositoryType.GIT);
+                } else if (repoUrl.toLowerCase().contains("svn")) {
+                    repo.setRepositorytype(RepositoryType.SVN);
+                }
+                release.setRepository(repo);
+            }
+        }
+        return release;
+    }
+
+    private static ProjectReleaseRelationship getDefaultRelation() {
+        return new ProjectReleaseRelationship(ReleaseRelationship.UNKNOWN, MainlineState.OPEN);
+    }
+}
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentDatabaseHandler.java b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentDatabaseHandler.java
index b5948ebc9a..29c6f216cc 100644
--- a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentDatabaseHandler.java
+++ b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentDatabaseHandler.java
@@ -67,7 +67,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import org.spdx.library.InvalidSPDXAnalysisException;
-import java.io.InputStreamReader;
 import java.net.MalformedURLException;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
@@ -150,6 +149,7 @@ public class ComponentDatabaseHandler extends AttachmentAwareDatabaseHandler {
                     ClearingInformation._Fields.REQUEST_ID, ClearingInformation._Fields.ADDITIONAL_REQUEST_INFO,
                     ClearingInformation._Fields.EXTERNAL_SUPPLIER_ID, ClearingInformation._Fields.EVALUATED,
                     ClearingInformation._Fields.PROC_START);
+
     public ComponentDatabaseHandler(Supplier<CloudantClient> httpClient, String dbName, String attachmentDbName, ComponentModerator moderator, ReleaseModerator releaseModerator, ProjectModerator projectModerator) throws MalformedURLException {
         super(httpClient, dbName, attachmentDbName);
         DatabaseConnectorCloudant db = new DatabaseConnectorCloudant(httpClient, dbName);
@@ -185,6 +185,7 @@ public ComponentDatabaseHandler(Supplier<CloudantClient> httpClient, String dbNa
     public ComponentDatabaseHandler(Supplier<CloudantClient> supplier, String dbName, String attachmentDbName) throws MalformedURLException {
         this(supplier, dbName, attachmentDbName, new ComponentModerator(), new ReleaseModerator(), new ProjectModerator());
     }
+
     public ComponentDatabaseHandler(Supplier<CloudantClient> supplier, String dbName, String changelogsDbName, String attachmentDbName) throws MalformedURLException {
         this(supplier, dbName, attachmentDbName, new ComponentModerator(), new ReleaseModerator(), new ProjectModerator());
         DatabaseConnectorCloudant db = new DatabaseConnectorCloudant(supplier, changelogsDbName);
@@ -488,7 +489,7 @@ public AddDocumentRequestSummary addRelease(Release release, User user) throws S
         if(isDuplicate(release)) {
             final AddDocumentRequestSummary addDocumentRequestSummary = new AddDocumentRequestSummary()
                     .setRequestStatus(AddDocumentRequestStatus.DUPLICATE);
-            List<Release> duplicates = releaseRepository.searchByNameAndVersion(release.getName(), release.getVersion());
+            List<Release> duplicates = releaseRepository.searchByNameAndVersion(release.getName(), release.getVersion(), true);
             if (duplicates.size() == 1) {
                 duplicates.stream()
                         .map(Release::getId)
@@ -573,7 +574,7 @@ private boolean isDuplicate(String releaseName, String releaseVersion) {
         if (isNullEmptyOrWhitespace(releaseName)) {
             return false;
         }
-        List<Release> duplicates = releaseRepository.searchByNameAndVersion(releaseName, releaseVersion);
+        List<Release> duplicates = releaseRepository.searchByNameAndVersion(releaseName, releaseVersion, true);
         return duplicates.size()>0;
     }
 
@@ -1061,7 +1062,7 @@ public RequestStatus updateRelease(Release release, User user, Iterable<Release.
             return RequestStatus.DUPLICATE_ATTACHMENT;
         } else if (changeWouldResultInDuplicate(actual, release)) {
             return RequestStatus.DUPLICATE;
-        }  else if (!isDependenciesExistsInRelease(release)) {
+        } else if (!isDependenciesExistsInRelease(release)) {
             return RequestStatus.INVALID_INPUT;
         } else {
             DocumentPermissions<Release> permissions = makePermission(actual, user);
@@ -1320,7 +1321,7 @@ public RequestSummary updateReleasesDirectly(Set<Release> releases, User user) t
         return RepositoryUtils.doBulk(prepareReleases(releases), user, releaseRepository);
     }
 
-    public RequestStatus updateReleaseFromAdditionsAndDeletions(Release releaseAdditions, Release releaseDeletions, User user){
+    public RequestStatus updateReleaseFromAdditionsAndDeletions(Release releaseAdditions, Release releaseDeletions, User user) {
 
         try {
             Release release = getRelease(releaseAdditions.getId(), user);
@@ -1968,6 +1969,16 @@ public List<Release> getReleases(Set<String> ids) {
         return releaseRepository.makeSummary(SummaryType.SHORT, ids);
     }
 
+    // return release directly from db, without making summary.
+    public List<Release> getReleasesByIds(Set<String> ids) {
+        return CommonUtils.isNullOrEmptyCollection(ids) ? Lists.newArrayList() : releaseRepository.get(ids);
+    }
+
+    // return components directly from db, without making summary.
+    public List<Component> getComponentsByIds(Set<String> ids) {
+        return CommonUtils.isNullOrEmptyCollection(ids) ? Lists.newArrayList() : componentRepository.get(ids);
+    }
+
     public List<Release> getAccessibleReleases(Set<String> ids, User user) {
         return getAccessibleReleaseList(releaseRepository.makeSummary(SummaryType.SHORT, ids), user);
     }
@@ -2196,7 +2207,7 @@ public String getCyclicLinkedReleasePath(Release release, User user) throws TExc
     }
 
     public List<Component> searchComponentByNameForExport(String name, boolean caseSensitive) {
-        return componentRepository.searchByNameForExport(name, caseSensitive);
+        return componentRepository.searchComponentByName(name, caseSensitive);
     }
 
     public Set<Component> getUsingComponents(String releaseId) {
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentRepository.java b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentRepository.java
index 3381f8dd92..4f3cd3fbb0 100644
--- a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentRepository.java
+++ b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentRepository.java
@@ -37,15 +37,15 @@
  */
 public class ComponentRepository extends SummaryAwareRepository<Component> {
     private static final String ALL = "function(doc) { if (doc.type == 'component') emit(null, doc._id) }";
-    private static final String BYCREATEDON = "function(doc) { if(doc.type == 'component') { emit(doc.createdOn, doc._id) } }";
-    private static final String USEDATTACHMENTCONTENTS = "function(doc) { " +
+    private static final String BY_CREATED_ON = "function(doc) { if(doc.type == 'component') { emit(doc.createdOn, doc._id) } }";
+    private static final String USED_ATTACHMENT_CONTENTS = "function(doc) { " +
             "    if(doc.type == 'release' || doc.type == 'component' || doc.type == 'project') {" +
             "        for(var i in doc.attachments){" +
             "            emit(null, doc.attachments[i].attachmentContentId);" +
             "        }" +
             "    }" +
             "}";
-    private static final String MYCOMPONENTS = "function(doc) {" +
+    private static final String MY_COMPONENTS = "function(doc) {" +
             "  if (doc.type == 'component') {" +
             "    emit(doc.createdBy, doc._id);" +
             "  } " +
@@ -57,29 +57,29 @@ public class ComponentRepository extends SummaryAwareRepository<Component> {
             "    }" +
             "  }" +
             "}";
-    private static final String BYNAME = "function(doc) {" +
+    private static final String BY_NAME = "function(doc) {" +
             "  if (doc.type == 'component') {" +
             "    emit(doc.name, doc._id);" +
             "  } " +
             "}";
-    private static final String BYCOMPONENTTYPE = "function(doc) {" +
+    private static final String BY_COMPONENT_TYPE = "function(doc) {" +
             "  if (doc.type == 'component') {" +
             "    emit(doc.componentType, doc._id);" +
             "  } " +
             "}";
-    private static final String FULLBYNAME = "function(doc) {" +
+    private static final String FULL_BY_NAME = "function(doc) {" +
             "  if (doc.type == 'component') {" +
             "    emit(doc.name, doc._id);" +
             "  } " +
             "}";
-    private static final String BYLINKINGRELEASE = "function(doc) {" +
+    private static final String BY_LINKING_RELEASE = "function(doc) {" +
             "  if (doc.type == 'release') {" +
             "    for(var i in doc.releaseIdToRelationship) {" +
             "      emit(i, doc.componentId);" +
             "    }" +
             "  }" +
             "}";
-    private static final String BYFOSSOLOGYID = "function(doc) {\n" +
+    private static final String BY_FOSSOLOGY_ID = "function(doc) {\n" +
             "  if (doc.type == 'release') {\n" +
             "    if (Array.isArray(doc.externalToolProcesses)) {\n" +
             "      for (var i = 0; i < doc.externalToolProcesses.length; i++) {\n" +
@@ -97,7 +97,7 @@ public class ComponentRepository extends SummaryAwareRepository<Component> {
             "    }\n" +
             "  }\n" +
             "}";
-    private static final String BYEXTERNALIDS = "function(doc) {" +
+    private static final String BY_EXTERNAL_IDS = "function(doc) {" +
             "  if (doc.type == 'component') {" +
             "    for (var externalId in doc.externalIds) {" +
             "      try {" +
@@ -115,19 +115,19 @@ public class ComponentRepository extends SummaryAwareRepository<Component> {
             "    }" +
             "  }" +
             "}";
-    private static final String BYDEFAULTVENDORID = "function(doc) {" +
+    private static final String BY_DEFAULT_VENDOR_ID = "function(doc) {" +
             "  if (doc.type == 'component') {" +
             "       emit( doc.defaultVendorId , doc._id);" +
             "  }" +
             "}";
 
-    private static final String BYNAMELOWERCASE = "function(doc) {" +
+    private static final String BY_NAME_LOWERCASE = "function(doc) {" +
             "  if (doc.type == 'component') {" +
-            "    emit(doc.name.toLowerCase(), doc._id);" +
+            "    emit(doc.name.toLowerCase().trim(), doc._id);" +
             "  } " +
             "}";
 
-    private static final String BYMAINLICENSE = "function(doc) {" +
+    private static final String BY_MAIN_LICENSE = "function(doc) {" +
             "    if (doc.type == 'component') {" +
             "      if(doc.mainLicenseIds) {" +
             "            emit(doc.mainLicenseIds.join(), doc._id);" +
@@ -137,7 +137,7 @@ public class ComponentRepository extends SummaryAwareRepository<Component> {
             "    }" +
             "}";
 
-    private static final String BYVENDOR = "function(doc) {" +
+    private static final String BY_VENDOR = "function(doc) {" +
             "    if (doc.type == 'component') {" +
             "      if(doc.vendorNames) {" +
             "          emit(doc.vendorNames.join(), doc._id);" +
@@ -151,20 +151,20 @@ public ComponentRepository(DatabaseConnectorCloudant db, ReleaseRepository relea
         super(Component.class, db, new ComponentSummary(releaseRepository, vendorRepository));
         Map<String, MapReduce> views = new HashMap<String, MapReduce>();
         views.put("all", createMapReduce(ALL, null));
-        views.put("byCreatedOn", createMapReduce(BYCREATEDON, null));
-        views.put("usedAttachmentContents", createMapReduce(USEDATTACHMENTCONTENTS, null));
-        views.put("mycomponents", createMapReduce(MYCOMPONENTS, null));
+        views.put("byCreatedOn", createMapReduce(BY_CREATED_ON, null));
+        views.put("usedAttachmentContents", createMapReduce(USED_ATTACHMENT_CONTENTS, null));
+        views.put("mycomponents", createMapReduce(MY_COMPONENTS, null));
         views.put("subscribers", createMapReduce(SUBSCRIBERS, null));
-        views.put("byname", createMapReduce(BYNAME, null));
-        views.put("bycomponenttype", createMapReduce(BYCOMPONENTTYPE, null));
-        views.put("fullbyname", createMapReduce(FULLBYNAME, null));
-        views.put("byLinkingRelease", createMapReduce(BYLINKINGRELEASE, null));
-        views.put("byFossologyId", createMapReduce(BYFOSSOLOGYID, null));
-        views.put("byExternalIds", createMapReduce(BYEXTERNALIDS, null));
-        views.put("byDefaultVendorId", createMapReduce(BYDEFAULTVENDORID, null));
-        views.put("bynamelowercase", createMapReduce(BYNAMELOWERCASE, null));
-        views.put("bymainlicense", createMapReduce(BYMAINLICENSE, null));
-        views.put("byvendor", createMapReduce(BYVENDOR, null));
+        views.put("byname", createMapReduce(BY_NAME, null));
+        views.put("bycomponenttype", createMapReduce(BY_COMPONENT_TYPE, null));
+        views.put("fullbyname", createMapReduce(FULL_BY_NAME, null));
+        views.put("byLinkingRelease", createMapReduce(BY_LINKING_RELEASE, null));
+        views.put("byFossologyId", createMapReduce(BY_FOSSOLOGY_ID, null));
+        views.put("byExternalIds", createMapReduce(BY_EXTERNAL_IDS, null));
+        views.put("byDefaultVendorId", createMapReduce(BY_DEFAULT_VENDOR_ID, null));
+        views.put("bynamelowercase", createMapReduce(BY_NAME_LOWERCASE, null));
+        views.put("bymainlicense", createMapReduce(BY_MAIN_LICENSE, null));
+        views.put("byvendor", createMapReduce(BY_VENDOR, null));
         initStandardDesignDocument(views, db);
     }
 
@@ -215,7 +215,7 @@ public Set<String> getComponentIdsByName(String name, boolean caseInsenstive) {
         return queryForIdsAsValue("byname", name);
     }
 
-    public List<Component> searchByNameForExport(String name, boolean caseSensitive) {
+    public List<Component> searchComponentByName(String name, boolean caseSensitive) {
         Set<String> componentIds;
         if (caseSensitive) {
             componentIds = queryForIdsAsValueByPrefix("fullbyname", name);
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/DatabaseHandlerUtil.java b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/DatabaseHandlerUtil.java
index b9ae179cc3..904349fdf6 100644
--- a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/DatabaseHandlerUtil.java
+++ b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/DatabaseHandlerUtil.java
@@ -400,9 +400,9 @@ public static <T, R> void trimStringFields(T obj, List<R> listOfStrFields) {
             changeLog.setDocumentType(newProjVer.getType());
             changeLog.setDbName(DatabaseSettings.COUCH_DB_DATABASE);
         } else if (newDocVersion instanceof ObligationList) {
-            ObligationList newProjVer = (ObligationList) newDocVersion;
-            changeLog.setDocumentId(newProjVer.getId());
-            changeLog.setDocumentType(newProjVer.getType());
+            ObligationList newOblListVer = (ObligationList) newDocVersion;
+            changeLog.setDocumentId(newOblListVer.getId());
+            changeLog.setDocumentType(newOblListVer.getType());
             changeLog.setDbName(DatabaseSettings.COUCH_DB_DATABASE);
         } else if (newDocVersion instanceof AttachmentContent) {
             AttachmentContent newAttachmentContentVer = (AttachmentContent) newDocVersion;
@@ -412,19 +412,19 @@ public static <T, R> void trimStringFields(T obj, List<R> listOfStrFields) {
             info.put(AttachmentContent._Fields.FILENAME.name(), newAttachmentContentVer.getFilename());
             info.put(AttachmentContent._Fields.CONTENT_TYPE.name(), newAttachmentContentVer.getContentType());
         } else if (newDocVersion instanceof Component) {
-            Component newProjVer = (Component) newDocVersion;
-            changeLog.setDocumentId(newProjVer.getId());
-            changeLog.setDocumentType(newProjVer.getType());
+            Component newCompVer = (Component) newDocVersion;
+            changeLog.setDocumentId(newCompVer.getId());
+            changeLog.setDocumentType(newCompVer.getType());
             changeLog.setDbName(DatabaseSettings.COUCH_DB_DATABASE);
         } else if (newDocVersion instanceof Release) {
-            Release newProjVer = (Release) newDocVersion;
-            changeLog.setDocumentId(newProjVer.getId());
-            changeLog.setDocumentType(newProjVer.getType());
+            Release newRelVer = (Release) newDocVersion;
+            changeLog.setDocumentId(newRelVer.getId());
+            changeLog.setDocumentType(newRelVer.getType());
             changeLog.setDbName(DatabaseSettings.COUCH_DB_DATABASE);
         } else if (newDocVersion instanceof ModerationRequest) {
-            ModerationRequest newProjVer = (ModerationRequest) newDocVersion;
-            changeLog.setDocumentId(newProjVer.getId());
-            changeLog.setDocumentType(newProjVer.getType());
+            ModerationRequest newModReqVer = (ModerationRequest) newDocVersion;
+            changeLog.setDocumentId(newModReqVer.getId());
+            changeLog.setDocumentType(newModReqVer.getType());
             changeLog.setDbName(DatabaseSettings.COUCH_DB_DATABASE);
         } else if (newDocVersion instanceof SPDXDocument) {
             SPDXDocument newProjVer = (SPDXDocument) newDocVersion;
@@ -442,9 +442,9 @@ public static <T, R> void trimStringFields(T obj, List<R> listOfStrFields) {
             changeLog.setDocumentType(newProjVer.getType());
             changeLog.setDbName(DatabaseSettings.COUCH_DB_SPDX);
         } else if (newDocVersion instanceof Obligation) {
-            Obligation newProjVer = (Obligation) newDocVersion;
-            changeLog.setDocumentId(newProjVer.getId());
-            changeLog.setDocumentType(newProjVer.getType());
+            Obligation newOblVer = (Obligation) newDocVersion;
+            changeLog.setDocumentId(newOblVer.getId());
+            changeLog.setDocumentType(newOblVer.getType());
             changeLog.setDbName(DatabaseSettings.COUCH_DB_DATABASE);
         }
 
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectDatabaseHandler.java b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectDatabaseHandler.java
index 650bdfaa80..e07d382dcb 100644
--- a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectDatabaseHandler.java
+++ b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectDatabaseHandler.java
@@ -17,11 +17,14 @@
 import com.google.common.collect.*;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonObject;
+
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.thrift.TException;
-
 import org.eclipse.sw360.common.utils.BackendUtils;
 import org.eclipse.sw360.components.summary.SummaryType;
+import org.eclipse.sw360.cyclonedx.CycloneDxBOMExporter;
+import org.eclipse.sw360.cyclonedx.CycloneDxBOMImporter;
 import org.eclipse.sw360.datahandler.businessrules.ReleaseClearingStateSummaryComputer;
 import org.eclipse.sw360.datahandler.cloudantclient.DatabaseConnectorCloudant;
 import org.eclipse.sw360.datahandler.common.*;
@@ -54,6 +57,7 @@
 
 import java.io.*;
 import java.net.MalformedURLException;
+import java.nio.charset.Charset;
 import java.time.Instant;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
@@ -1099,7 +1103,7 @@ public List<ReleaseClearingStatusData> getReleaseClearingStatusesWithAccessibili
             ReleaseClearingStatusData releaseClearingStatusData = new ReleaseClearingStatusData(release)
                     .setProjectNames(joinStrings(projectNames))
                     .setMainlineStates(joinStrings(mainlineStates))
-                    .setComponentType(componentsById.get(release.getComponentId()).getComponentType()); 
+                    .setComponentType(componentsById.get(release.getComponentId()).getComponentType());
 
             boolean isAccessible = componentDatabaseHandler.isReleaseActionAllowed(release, user, RequestedAction.READ);
             releaseClearingStatusData.setAccessible(isAccessible);
@@ -1699,6 +1703,48 @@ public RequestSummary importBomFromAttachmentContent(User user, String attachmen
         }
     }
 
+    public RequestSummary importCycloneDxFromAttachmentContent(User user, String attachmentContentId, String projectId) throws SW360Exception {
+        final AttachmentContent attachmentContent = attachmentConnector.getAttachmentContent(attachmentContentId);
+        final Duration timeout = Duration.durationOf(30, TimeUnit.SECONDS);
+        try {
+            final AttachmentStreamConnector attachmentStreamConnector = new AttachmentStreamConnector(timeout);
+            try (final InputStream inputStream = attachmentStreamConnector
+                    .unsafeGetAttachmentStream(attachmentContent)) {
+                final CycloneDxBOMImporter cycloneDxBOMImporter = new CycloneDxBOMImporter(this,
+                        componentDatabaseHandler, attachmentConnector, user);
+                return cycloneDxBOMImporter.importFromBOM(inputStream, attachmentContent, projectId, user);
+            }
+        } catch (IOException e) {
+            log.error("Error while importing / parsing CycloneDX SBOM! ", e);
+            throw new SW360Exception(e.getMessage());
+        }
+    }
+
+    public RequestSummary exportCycloneDxSbom(String projectId, String bomType, Boolean includeSubProjReleases, User user) throws SW360Exception {
+        try {
+            final CycloneDxBOMExporter cycloneDxBOMExporter = new CycloneDxBOMExporter(this, componentDatabaseHandler, user);
+            return cycloneDxBOMExporter.exportSbom(projectId, bomType, includeSubProjReleases, user);
+        } catch (Exception e) {
+            log.error("Error while exporting CycloneDX SBOM! ", e);
+            throw new SW360Exception(e.getMessage());
+        }
+    }
+
+    public String getSbomImportInfoFromAttachmentAsString(String attachmentContentId) throws SW360Exception {
+        final AttachmentContent attachmentContent = attachmentConnector.getAttachmentContent(attachmentContentId);
+        final Duration timeout = Duration.durationOf(30, TimeUnit.SECONDS);
+        try {
+            final AttachmentStreamConnector attachmentStreamConnector = new AttachmentStreamConnector(timeout);
+            try (final InputStream inputStream = attachmentStreamConnector
+                    .unsafeGetAttachmentStream(attachmentContent)) {
+                return IOUtils.toString(inputStream, Charset.defaultCharset());
+            }
+        } catch (IOException e) {
+            log.error("Error while getting sbom import info from attachment! ", e);
+            throw new SW360Exception(e.getMessage());
+        }
+    }
+
     private void removeLeadingTrailingWhitespace(Project project) {
         DatabaseHandlerUtil.trimStringFields(project, listOfStringFieldsInProjToTrim);
 
@@ -1781,7 +1827,7 @@ private void flattenClearingStatusForReleases(Map<String, ProjectReleaseRelation
             if (releaseOrigin.containsKey(releaseId))
                 return;
             Release rel = componentDatabaseHandler.getRelease(releaseId, user);
-            
+
             if (!isInaccessibleLinkMasked || componentDatabaseHandler.isReleaseActionAllowed(rel, user, RequestedAction.READ)) {
                 Map<String, ReleaseRelationship> releaseIdToRelationship = rel.getReleaseIdToRelationship();
                 releaseOrigin.put(releaseId, SW360Utils.printName(rel));
@@ -1811,7 +1857,7 @@ private void flattenlinkedReleaseOfRelease(Map<String, ReleaseRelationship> rele
             if (releaseOrigin.containsKey(releaseId))
                 return;
             Release rel = componentDatabaseHandler.getRelease(releaseId, user);
-            
+
             if (!isInaccessibleLinkMasked || componentDatabaseHandler.isReleaseActionAllowed(rel, user, RequestedAction.READ)) {
                 Map<String, ReleaseRelationship> subReleaseIdToRelationship = rel.getReleaseIdToRelationship();
                 releaseOrigin.put(releaseId, SW360Utils.printName(rel));
@@ -1873,7 +1919,7 @@ private Map<String, String> createReleaseCSRow(String relation, String projectMa
         clearingStatusList.add(row);
         return row;
     }
-    
+
     private Map<String, String> createInaccessibleReleaseCSRow(List<Map<String, String>> clearingStatusList) throws SW360Exception {
         Map<String, String> row = new HashMap<>();
         row.put("id", "");
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ReleaseRepository.java b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ReleaseRepository.java
index 8b7064fbfc..aee6803f4b 100644
--- a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ReleaseRepository.java
+++ b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ReleaseRepository.java
@@ -43,8 +43,8 @@
 public class ReleaseRepository extends SummaryAwareRepository<Release> {
 
     private static final String ALL = "function(doc) { if (doc.type == 'release') emit(null, doc._id) }";
-    private static final String BYNAME = "function(doc) { if(doc.type == 'release') { emit(doc.name, doc._id) } }";
-    private static final String BYCREATEDON = "function(doc) { if(doc.type == 'release') { emit(doc.createdOn, doc._id) } }";
+    private static final String BY_NAME = "function(doc) { if(doc.type == 'release') { emit(doc.name, doc._id) } }";
+    private static final String BY_CREATED_ON = "function(doc) { if(doc.type == 'release') { emit(doc.createdOn, doc._id) } }";
     private static final String SUBSCRIBERS = "function(doc) {" +
             " if (doc.type == 'release'){" +
             "    for(var i in doc.subscribers) {" +
@@ -52,38 +52,38 @@ public class ReleaseRepository extends SummaryAwareRepository<Release> {
             "    }" +
             "  }" +
             "}";
-    private static final String USEDINRELEASERELATION = "function(doc) {" +
+    private static final String USED_IN_RELEASE_RELATION = "function(doc) {" +
             " if(doc.type == 'release') {" +
             "   for(var id in doc.releaseIdToRelationship) {" +
             "     emit(id, doc._id);" +
             "   }" +
             " }" +
             "}";
-    private static final String RELEASEBYVENDORID = "function(doc) {" +
+    private static final String RELEASE_BY_VENDOR_ID = "function(doc) {" +
             " if (doc.type == 'release'){" +
             "     emit(doc.vendorId, doc._id);" +
             "  }" +
             "}";
-    private static final String RELEASESBYCOMPONENTID = "function(doc) {" +
+    private static final String RELEASES_BY_COMPONENT_ID = "function(doc) {" +
             " if (doc.type == 'release'){" +
             "      emit(doc.componentId, doc._id);" +
             "  }" +
             "}";
     
-    private static final String RELEASEIDSBYVENDORID = "function(doc) {" +
+    private static final String RELEASE_IDS_BY_VENDOR_ID = "function(doc) {" +
             " if (doc.type == 'release'){" +
             "      emit(doc.vendorId, doc._id);" +
             "  }" +
             "}";
 
-    private static final String RELEASEIDSBYLICENSEID = "function(doc) {" +
+    private static final String RELEASE_IDS_BY_LICENSE_ID = "function(doc) {" +
             "  if (doc.type == 'release'){" +
             "    for(var i in doc.mainLicenseIds) {" +
             "      emit(doc.mainLicenseIds[i], doc._id);" +
             "    }" +
             "  }" +
               "}";
-    private static final String BYEXTERNALIDS = "function(doc) {" +
+    private static final String BY_EXTERNAL_IDS = "function(doc) {" +
             "  if (doc.type == 'release') {" +
             "    for (var externalId in doc.externalIds) {" +
             "      try {" +
@@ -171,19 +171,19 @@ public ReleaseRepository(DatabaseConnectorCloudant db, VendorRepository vendorRe
         super(Release.class, db, new ReleaseSummary(vendorRepository));
         Map<String, MapReduce> views = new HashMap<String, MapReduce>();
         views.put("all", createMapReduce(ALL, null));
-        views.put("byname", createMapReduce(BYNAME, null));
-        views.put("byCreatedOn", createMapReduce(BYCREATEDON, null));
+        views.put("byname", createMapReduce(BY_NAME, null));
+        views.put("byCreatedOn", createMapReduce(BY_CREATED_ON, null));
         views.put("subscribers", createMapReduce(SUBSCRIBERS, null));
-        views.put("usedInReleaseRelation", createMapReduce(USEDINRELEASERELATION, null));
-        views.put("releaseByVendorId", createMapReduce(RELEASEBYVENDORID, null));
-        views.put("releasesByComponentId", createMapReduce(RELEASESBYCOMPONENTID, null));
-        views.put("releaseIdsByLicenseId", createMapReduce(RELEASEIDSBYLICENSEID, null));
-        views.put("byExternalIds", createMapReduce(BYEXTERNALIDS, null));
+        views.put("usedInReleaseRelation", createMapReduce(USED_IN_RELEASE_RELATION, null));
+        views.put("releaseByVendorId", createMapReduce(RELEASE_BY_VENDOR_ID, null));
+        views.put("releasesByComponentId", createMapReduce(RELEASES_BY_COMPONENT_ID, null));
+        views.put("releaseIdsByLicenseId", createMapReduce(RELEASE_IDS_BY_LICENSE_ID, null));
+        views.put("byExternalIds", createMapReduce(BY_EXTERNAL_IDS, null));
         views.put("releaseByCpeId", createMapReduce(BY_LOWERCASE_RELEASE_CPE_VIEW, null));
         views.put("releaseBySvmId", createMapReduce(RELEASES_BY_SVM_ID_RELEASE_VIEW, null));
         views.put("releaseByName", createMapReduce(BY_LOWERCASE_RELEASE_NAME_VIEW, null));
         views.put("releaseByVersion", createMapReduce(BY_LOWERCASE_RELEASE_VERSION_VIEW, null));
-        views.put("releaseIdsByVendorId", createMapReduce(RELEASEIDSBYVENDORID, null));
+        views.put("releaseIdsByVendorId", createMapReduce(RELEASE_IDS_BY_VENDOR_ID, null));
         views.put("byStatus", createMapReduce(BY_STATUS_VIEW, null));
         views.put("byECCAssessorContactPerson", createMapReduce(BY_ASSESSOR_CONTACT_PERSON_VIEW, null));
         views.put("byECCAssessorGroup", createMapReduce(BY_ASSESSOR_DEPARTMENT_VIEW, null));
@@ -196,10 +196,15 @@ public List<Release> searchByNamePrefix(String name) {
         return makeSummary(SummaryType.SHORT, queryForIdsByPrefix("byname", name));
     }
 
-    public List<Release> searchByNameAndVersion(String name, String version){
-        List<Release> releasesMatchingName =  new ArrayList<Release>(getFullDocsById(queryForIdsAsValue("byname", name)));
+    public List<Release> searchByNameAndVersion(String name, String version, boolean caseInsenstive){
+        List<Release> releasesMatchingName;
+        if (caseInsenstive) {
+            releasesMatchingName = new ArrayList<Release>(queryView("releaseByName", name.toLowerCase()));
+        } else {
+            releasesMatchingName = new ArrayList<Release>(queryView("byname", name));
+        }
         List<Release> releasesMatchingNameAndVersion = releasesMatchingName.stream()
-                .filter(r -> isNullOrEmpty(version) ? isNullOrEmpty(r.getVersion()) : version.equals(r.getVersion()))
+                .filter(r -> isNullOrEmpty(version) ? isNullOrEmpty(r.getVersion()) : version.equalsIgnoreCase(r.getVersion()))
                 .collect(Collectors.toList());
         return releasesMatchingNameAndVersion;
     }
diff --git a/backend/src/src-projects/src/main/java/org/eclipse/sw360/projects/ProjectHandler.java b/backend/src/src-projects/src/main/java/org/eclipse/sw360/projects/ProjectHandler.java
index 4ef086eecd..1c3499fd9e 100644
--- a/backend/src/src-projects/src/main/java/org/eclipse/sw360/projects/ProjectHandler.java
+++ b/backend/src/src-projects/src/main/java/org/eclipse/sw360/projects/ProjectHandler.java
@@ -20,8 +20,8 @@
 import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestSummary;
 import org.eclipse.sw360.datahandler.thrift.PaginationData;
 import org.eclipse.sw360.datahandler.thrift.RequestStatus;
-import org.eclipse.sw360.datahandler.thrift.SW360Exception;
 import org.eclipse.sw360.datahandler.thrift.RequestSummary;
+import org.eclipse.sw360.datahandler.thrift.SW360Exception;
 import org.eclipse.sw360.datahandler.thrift.attachments.Attachment;
 import org.eclipse.sw360.datahandler.thrift.components.ReleaseClearingStatusData;
 import org.eclipse.sw360.datahandler.thrift.projects.ClearingRequest;
@@ -30,7 +30,6 @@
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectData;
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectLink;
 import org.eclipse.sw360.datahandler.thrift.projects.ObligationList;
-import org.eclipse.sw360.datahandler.thrift.projects.ProjectRelationship;
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectService;
 import org.eclipse.sw360.datahandler.thrift.projects.UsedReleaseRelations;
 import org.eclipse.sw360.datahandler.thrift.users.User;
@@ -39,11 +38,11 @@
 import com.cloudant.client.api.CloudantClient;
 
 import java.io.IOException;
+import java.nio.ByteBuffer;
 import java.util.*;
 import java.util.function.Supplier;
 
 import static org.eclipse.sw360.datahandler.common.SW360Assert.*;
-import java.nio.ByteBuffer;
 
 /**
  * Implementation of the Thrift service
@@ -237,6 +236,26 @@ public RequestSummary importBomFromAttachmentContent(User user, String attachmen
         return handler.importBomFromAttachmentContent(user, attachmentContentId);
     }
 
+    @Override
+    public RequestSummary importCycloneDxFromAttachmentContent(User user, String attachmentContentId, String projectId) throws SW360Exception {
+        assertId(attachmentContentId);
+        assertUser(user);
+        return handler.importCycloneDxFromAttachmentContent(user, attachmentContentId, projectId);
+    }
+
+    @Override
+    public RequestSummary exportCycloneDxSbom(String projectId, String bomType, boolean includeSubProjReleases, User user) throws SW360Exception {
+        assertId(projectId);
+        assertUser(user);
+        return handler.exportCycloneDxSbom(projectId, bomType, includeSubProjReleases, user);
+    }
+
+    @Override
+    public String getSbomImportInfoFromAttachmentAsString(String attachmentContentId) throws SW360Exception {
+        assertId(attachmentContentId);
+        return handler.getSbomImportInfoFromAttachmentAsString(attachmentContentId);
+    }
+
     ////////////////////////////
     // ADD INDIVIDUAL OBJECTS //
     ////////////////////////////
diff --git a/frontend/sw360-portlet/pom.xml b/frontend/sw360-portlet/pom.xml
index 47efd557f4..61459ff90b 100644
--- a/frontend/sw360-portlet/pom.xml
+++ b/frontend/sw360-portlet/pom.xml
@@ -216,6 +216,10 @@
             <artifactId>jstl-api</artifactId>
             <version>1.2</version>
         </dependency>
+        <dependency>
+            <groupId>com.github.package-url</groupId>
+            <artifactId>packageurl-java</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
diff --git a/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortalConstants.java b/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortalConstants.java
index f0065adce7..19f6604969 100644
--- a/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortalConstants.java
+++ b/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortalConstants.java
@@ -26,6 +26,7 @@
  * @author stefan.jaeger@evosoft.com
  * @author alex.borodin@evosoft.com
  */
+
 public class PortalConstants {
 
     public static final String PROPERTIES_FILE_PATH = "/sw360.properties";
@@ -277,6 +278,7 @@ public class PortalConstants {
     public static final String RELEASE_SEARCH_BY_VENDOR = "releaseSearchByVendor";
     public static final String OBLIGATION_ELEMENT_SEARCH = "obligationElementSearch";
     public static final String OBLIGATION_ELEMENT_ID = "obligationElementId";
+    public static final String LOAD_SBOM_IMPORT_INFO = "loadSbomImportInfo";
 
     public static final String RELEASE_LIST_FROM_LINKED_PROJECTS = "releaseListFromLinkedProjects";
     public static final String STATE;
@@ -552,12 +554,16 @@ public class PortalConstants {
     public static final String PARENT_BRANCH_ID = "parent_branch_id";
     public static final String PARENT_SCOPE_GROUP_ID = "parentScopeGroupId";
 
-    // bom import
+    // bom import / export
     public static final String PREPARE_IMPORT_BOM = "prepareImportBom";
     public static final String IMPORT_BOM = "importBom";
     public static final String IMPORT_BOM_AS_NEW = "importBomAsNew";
     public static final String NEW_RELEASE_VERSION = "newReleaseVersion";
     public static final String RDF_FILE_PATH = "rdfFilePath";
+    public static final String BOM_TYPE = "bomType";
+    public static final String EXPORT_SBOM = "exportSbom";
+    public static final String SBOM_FROMAT = "sbomFormat";
+    public static final String IS_SBOM_IMPORT_EXPORT_ACCESS_USER = "isSbomImportExportAccessUser";
 
     // project actions
     public static final String VIEW_LINKED_PROJECTS = "view_linked_projects";
diff --git a/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortletUtils.java b/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortletUtils.java
index 7c99ffd0f2..5965790063 100644
--- a/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortletUtils.java
+++ b/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/common/PortletUtils.java
@@ -150,6 +150,10 @@ public static ObligationType getObligationTypeFromString(String enumNumber) {
         return  ObligationType.findByValue(parseInt(enumNumber));
     }
 
+    public static CycloneDxComponentType getCycloneDxComponentTypeFromString(String enumNumber) {
+        return  CycloneDxComponentType.findByValue(parseInt(enumNumber));
+    }
+
     public static <U extends TFieldIdEnum, T extends TBase<T, U>> void setFieldValue(PortletRequest request, T instance, U field, FieldMetaData fieldMetaData, String prefix) {
 
         String value = request.getParameter(prefix + field.toString());
@@ -205,6 +209,8 @@ else if (field == Obligation._Fields.OBLIGATION_LEVEL)
             return getObligationLevelFromString(value);
         else if (field == Obligation._Fields.OBLIGATION_TYPE)
             return getObligationTypeFromString(value);
+        else if (field == Component._Fields.CDX_COMPONENT_TYPE)
+            return getCycloneDxComponentTypeFromString(value);
         else {
             LOGGER.error("Missing case in enumFromString, unknown field was " + field.toString());
             return null;
diff --git a/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/projects/ProjectPortlet.java b/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/projects/ProjectPortlet.java
index 68ecb78252..c0a70119b7 100644
--- a/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/projects/ProjectPortlet.java
+++ b/frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/projects/ProjectPortlet.java
@@ -25,6 +25,7 @@
 import com.liferay.portal.kernel.servlet.SessionMessages;
 import com.liferay.portal.kernel.servlet.SessionErrors;
 import com.liferay.portal.kernel.theme.ThemeDisplay;
+import com.liferay.portal.kernel.util.ContentTypes;
 import com.liferay.portal.kernel.util.PortalUtil;
 import com.liferay.portal.kernel.util.WebKeys;
 import com.liferay.portal.kernel.util.ResourceBundleUtil;
@@ -238,6 +239,8 @@ public void serveResource(ResourceRequest request, ResourceResponse response) th
             removeOrphanObligation(request, response);
         } else if (PortalConstants.IMPORT_BOM.equals(action)) {
             importBom(request, response);
+        } else if (PortalConstants.EXPORT_SBOM.equals(action)) {
+            exportSbom(request, response);
         } else if (PortalConstants.CREATE_CLEARING_REQUEST.equals(action)) {
             createClearingRequest(request, response);
         } else if (PortalConstants.VIEW_CLEARING_REQUEST.equals(action)) {
@@ -252,6 +255,8 @@ public void serveResource(ResourceRequest request, ResourceResponse response) th
             addLicenseToLinkedReleases(request, response);
         } else if (PortalConstants.LOAD_SPDX_LICENSE_INFO.equals(action)) {
             loadSpdxLicenseInfo(request, response);
+        } else if (PortalConstants.LOAD_SBOM_IMPORT_INFO.equals(action)) {
+           loadSbomImportInfoFromAttachment(request, response);
         } else if (isGenericAction(action)) {
             dealWithGenericAction(request, response, action);
         } else if (PortalConstants.LOAD_CHANGE_LOGS.equals(action) || PortalConstants.VIEW_CHANGE_LOGS.equals(action)) {
@@ -430,13 +435,24 @@ private void removeOrphanObligation(ResourceRequest request, ResourceResponse re
     }
 
     private void importBom(ResourceRequest request, ResourceResponse response) {
-        ProjectService.Iface projectClient = thriftClients.makeProjectClient();
         User user = UserCacheHolder.getUserFromRequest(request);
-        String attachmentContentId = request.getParameter(ATTACHMENT_CONTENT_ID);
+        ResourceParameters parameters = request.getResourceParameters();
+        String attachmentContentId = parameters.getValue(ATTACHMENT_CONTENT_ID);
+        String bomtype = parameters.getValue(BOM_TYPE);
+        String projectId = parameters.getValue(PROJECT_ID);
+        final RequestSummary requestSummary;
 
         try {
-            final RequestSummary requestSummary = projectClient.importBomFromAttachmentContent(user, attachmentContentId);
+            boolean isSPDX = "SPDX".equals(bomtype);
+            ProjectService.Iface projectClient = thriftClients.makeProjectClient();
+            if (isSPDX) {
+                requestSummary = projectClient.importBomFromAttachmentContent(user, attachmentContentId);
+            } else {
+                Locale locale = request.getLocale();
+                requestSummary = projectClient.importCycloneDxFromAttachmentContent(user, attachmentContentId, projectId);
+            }
 
+            boolean isSuccess = RequestStatus.SUCCESS.equals(requestSummary.getRequestStatus());
             String portletId = (String) request.getAttribute(WebKeys.PORTLET_ID);
             ThemeDisplay tD = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
             long plid = tD.getPlid();
@@ -444,12 +460,29 @@ private void importBom(ResourceRequest request, ResourceResponse response) {
             LiferayPortletURL projectUrl = PortletURLFactoryUtil.create(request, portletId, plid,
                     PortletRequest.RENDER_PHASE);
             projectUrl.setParameter(PortalConstants.PAGENAME, PortalConstants.PAGENAME_DETAIL);
-            projectUrl.setParameter(PortalConstants.PROJECT_ID, requestSummary.getMessage());
-
 
             JSONObject jsonObject = JSONFactoryUtil.createJSONObject();
-            jsonObject.put("redirectUrl", projectUrl.toString());
 
+            if (isSPDX) {
+                projectUrl.setParameter(PortalConstants.PROJECT_ID, requestSummary.getMessage());
+                jsonObject.put("redirectUrl", projectUrl.toString());
+            } else {
+                try {
+                    if (CommonUtils.isNotNullEmptyOrWhitespace(requestSummary.getMessage())) {
+                        jsonObject = JSONFactoryUtil.createJSONObject(requestSummary.getMessage());
+                        requestSummary.unsetMessage();
+                    }
+                    if (isSuccess || RequestStatus.DUPLICATE.equals(requestSummary.getRequestStatus())) {
+                        projectUrl.setParameter(PortalConstants.PROJECT_ID, jsonObject.getString("projectId"));
+                        jsonObject.put("redirectUrl", projectUrl.toString());
+                    }
+                } catch (JSONException e) {
+                    log.error("JSON Exception occured, maybe the 'RequestSummary' message is not in JSON form: " + e.getMessage());
+                }
+            }
+            if (!isSuccess) {
+                attachmentPortletUtils.deleteAttachments(Sets.newHashSet(attachmentContentId));
+            }
             renderRequestSummary(request, response, requestSummary, jsonObject);
         } catch (TException e) {
             log.error("Failed to import BOM.", e);
@@ -457,6 +490,44 @@ private void importBom(ResourceRequest request, ResourceResponse response) {
         }
     }
 
+    private void exportSbom(ResourceRequest request, ResourceResponse response) {
+        final User user = UserCacheHolder.getUserFromRequest(request);
+        final ResourceParameters parameters = request.getResourceParameters();
+        final String bomtype = parameters.getValue(SBOM_FROMAT);
+        final String projectId = parameters.getValue(PROJECT_ID);
+        final Boolean includeSubProjReleases = Boolean.valueOf(CommonUtils.nullToEmptyString(parameters.getValue(PROJECT_WITH_SUBPROJECT)));
+        final String fileName = EXPORT_SBOM;
+        String contentType = ContentTypes.APPLICATION_JSON;
+        String bomString = "";
+
+        try {
+            if (CommonUtils.isNotNullEmptyOrWhitespace(projectId)) {
+                ProjectService.Iface projectClient = thriftClients.makeProjectClient();
+                RequestSummary summary = projectClient.exportCycloneDxSbom(projectId, bomtype, includeSubProjReleases, user);
+                RequestStatus staus = summary.getRequestStatus();
+                if (RequestStatus.FAILED_SANITY_CHECK.equals(staus)) {
+                    bomString = "{\"status\": \"" + staus.name() + "\"}";
+                } else if (RequestStatus.ACCESS_DENIED.equals(staus)) {
+                    bomString = "{\"status\": \"" + staus.name() + "\", \"message\": \"" + SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE + "\"}";
+                } else if (RequestStatus.FAILURE.equals(staus)) {
+                    bomString = "{\"status\": \"" + staus.name() + "\", \"message\": \"" + summary.getMessage() + "\"}";
+                } else {
+                    bomString = summary.getMessage();
+                    if (SW360Constants.XML_FILE_EXTENSION.equalsIgnoreCase(bomtype)) {
+                        contentType = ContentTypes.TEXT_XML;
+                    }
+                }
+            }
+            PortletResponseUtil.sendFile(request, response, fileName, bomString.getBytes(), contentType);
+        } catch (TException e) {
+            log.error("An error occured while generating SBOM file for export.", e);
+            response.setProperty(ResourceResponse.HTTP_STATUS_CODE, Integer.toString(HttpServletResponse.SC_INTERNAL_SERVER_ERROR));
+        } catch (IOException e) {
+            log.error("Failed to export SBOM file.", e);
+            response.setProperty(ResourceResponse.HTTP_STATUS_CODE, Integer.toString(HttpServletResponse.SC_INTERNAL_SERVER_ERROR));
+        }
+    }
+
     private void createClearingRequest(ResourceRequest request, ResourceResponse response) throws PortletException {
         User user = UserCacheHolder.getUserFromRequest(request);
         ClearingRequest clearingRequest = null;
@@ -1484,6 +1555,7 @@ private void prepareStandardView(RenderRequest request) throws IOException {
             request.setAttribute(CUSTOM_FIELD_PREFERRED_CLEARING_DATE_LIMIT, dateLimit);
             Integer criticalCount = modClient.getOpenCriticalCrCountByGroup(user.getDepartment());
             request.setAttribute(CRITICAL_CR_COUNT, criticalCount);
+            request.setAttribute(PortalConstants.IS_SBOM_IMPORT_EXPORT_ACCESS_USER, SW360Utils.isUserAtleastDesiredRoleInPrimaryOrSecondaryGroup(user, SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE));
         } catch(TException e) {
             log.error("Error in getting the projectList from backend ", e);
         }
@@ -1623,6 +1695,7 @@ private void prepareDetailView(RenderRequest request, RenderResponse response) t
                         total_vuls.addAll(vuls);
                     }
                 }
+                request.setAttribute(PortalConstants.IS_SBOM_IMPORT_EXPORT_ACCESS_USER, SW360Utils.isUserAtleastDesiredRoleInPrimaryOrSecondaryGroup(user, SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE));
                 request.setAttribute(PortalConstants.TOTAL_VULNERABILITY_COUNT, total_vuls.size());
                 putDirectlyLinkedReleasesInRequest(request, project);
                 Set<Project> usingProjects = client.searchLinkingProjects(id, user);
@@ -2363,6 +2436,7 @@ private void prepareProjectDuplicate(RenderRequest request) {
                 request.setAttribute(USING_PROJECTS, Collections.emptySet());
                 request.setAttribute(ALL_USING_PROJECTS_COUNT, 0);
                 request.setAttribute(SOURCE_PROJECT_ID, id);
+                request.setAttribute(PortalConstants.IS_SBOM_IMPORT_EXPORT_ACCESS_USER, SW360Utils.isUserAtleastDesiredRoleInPrimaryOrSecondaryGroup(user, SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE));
             } else {
                 Project project = new Project();
                 project.setBusinessUnit(user.getDepartment());
@@ -2898,6 +2972,22 @@ private void addLicenseToLinkedReleases(ResourceRequest request, ResourceRespons
         }
     }
 
+    private void loadSbomImportInfoFromAttachment(ResourceRequest request, ResourceResponse response) throws IOException, PortletException {
+        String attachmentContentId = request.getResourceParameters().getValue(ATTACHMENT_CONTENT_ID);
+        final ProjectService.Iface client = thriftClients.makeProjectClient();
+        try {
+            String importInfo = client.getSbomImportInfoFromAttachmentAsString(attachmentContentId);
+            JSONObject jsonObject = JSONFactoryUtil.createJSONObject(importInfo);
+            writeJSON(request, response, jsonObject);
+        } catch (SW360Exception e) {
+            log.error("Error fetching sbom import info from attachment db: " + attachmentContentId, e);
+        } catch (TException e) {
+            log.error("Error fetching sbom import info from attachment db: " + attachmentContentId, e);
+        } catch (JSONException e) {
+            log.error("An exception occured while parsing sbom import info: " + attachmentContentId, e);
+        }
+    }
+
     private void loadSpdxLicenseInfo(ResourceRequest request, ResourceResponse response) throws IOException, PortletException {
         final User user = UserCacheHolder.getUserFromRequest(request);
         final String releaseId = request.getParameter(PortalConstants.RELEASE_ID);
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/css/components/_tooltips.scss b/frontend/sw360-portlet/src/main/resources/META-INF/resources/css/components/_tooltips.scss
index 1a5bf6fa4d..0bb3160098 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/css/components/_tooltips.scss
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/css/components/_tooltips.scss
@@ -117,6 +117,43 @@
     display: none;
 }
 
+/** CycloneDxComponentType **/
+.sw360-tt-CycloneDxComponentType:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-APPLICATION:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-CONTAINER:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-DEVICE:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-FILE:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-FIRMWARE:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-FRAMEWORK:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-LIBRARY:hover:after {
+    content: attr(data-content);
+}
+
+.sw360-tt-CycloneDxComponentType-OPERATING_SYSTEM:hover:after {
+    content: attr(data-content);
+}
+
 /** Ternary **/
 .sw360-tt-Ternary:hover:after {
     content: attr(data-content);
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/admin/oauthclient/view.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/admin/oauthclient/view.jsp
index 5ca89952cd..0417d74caf 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/admin/oauthclient/view.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/admin/oauthclient/view.jsp
@@ -377,7 +377,7 @@
                     $('#copyToClipboard').on('click', function(event) {
                         let textSelector = "#confirmDialog table tr td:eq(1)",
                             textToCopy = $("#confirmDialog table tr td pre#token").text();
-                        clipboard.copyToClipboard(textToCopy, textSelector, true);
+                        clipboard.copyToClipboard(textToCopy, '#copyToClipboard');
                     });
                     clientsTbl.destroy();
                     loadListOfClient();
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/detailOverview.jspf b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/detailOverview.jspf
index abf85f21cd..109e0d2b29 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/detailOverview.jspf
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/detailOverview.jspf
@@ -212,7 +212,7 @@
         $('#copyToClipboard').on('click', function(event) {
             let textSelector = "table tr td#documentId",
                 textToCopy = $(textSelector).clone().children().remove().end().text().trim();
-            clipboard.copyToClipboard(textToCopy, textSelector);
+            clipboard.copyToClipboard(textToCopy, '#copyToClipboard');
         });
 
         let keyComponent, valueComponent;
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/editBasicInfo.jspf b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/editBasicInfo.jspf
index 82b5f5f59b..e380f14bb1 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/editBasicInfo.jspf
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/editBasicInfo.jspf
@@ -8,6 +8,7 @@
   ~ SPDX-License-Identifier: EPL-2.0
 --%>
 
+<%@ page import="org.eclipse.sw360.datahandler.thrift.CycloneDxComponentType" %>
 <%@ page import="org.eclipse.sw360.datahandler.thrift.components.ComponentType" %>
 <%@ page import="org.eclipse.sw360.datahandler.thrift.components.Component" %>
 <%@ page import="org.eclipse.sw360.datahandler.thrift.Visibility" %>
@@ -64,9 +65,24 @@
                 </div>
             </div>
         </td>
+        <td>
+            <div class="form-group">
+                <label for="cdx_componenttype"><liferay-ui:message key="cyclonedx" /> <liferay-ui:message key="component.type" /></label>
+                <select class="form-control border" id="cdx_componenttype" name="<portlet:namespace/><%=Component._Fields.CDX_COMPONENT_TYPE%>" >
+                    <option value>-- <liferay-ui:message key="select" /> <liferay-ui:message key="cyclonedx" /> <liferay-ui:message key="component.type" /> --</option>
+                    <sw360:DisplayEnumOptions type="<%=CycloneDxComponentType.class%>" selected="${component.cdxComponentType}" />
+                </select>
+                <small class="form-text">
+                    <sw360:DisplayEnumInfo type="<%=CycloneDxComponentType.class%>"/>
+                    <liferay-ui:message key="learn.more.about.cyconedx.component.types" />
+                </small>
+            </div>
+        </td>
         <td>
             <sw360:DisplayVendorEdit id="<%=Component._Fields.DEFAULT_VENDOR_ID.toString()%>" vendorId="${component.defaultVendorId}" vendor="${component.defaultVendor}" label="default.vendor"/>
         </td>
+    </tr>
+    <tr>
         <td>
             <div class="form-group">
                 <label for="comp_homeurl"><liferay-ui:message key="homepage.url" /></label>
@@ -74,8 +90,6 @@
                     value="<sw360:out value="${component.homepage}"/>" placeholder="<liferay-ui:message key="enter.home.url" />"/>
             </div>
         </td>
-    </tr>
-    <tr>
         <td>
             <div class="form-group">
                 <label for="comp_blogurl"><liferay-ui:message key="blog.url" /></label>
@@ -90,13 +104,6 @@
                     placeholder="<liferay-ui:message key="enter.wiki.url" />" value="<sw360:out value="${component.wiki}"/>"/>
             </div>
         </td>
-        <td>
-            <div class="form-group">
-                <label for="mailinglist"><liferay-ui:message key="mailing.list.url" /></label>
-                <input class="form-control" id="mailinglist" name="<portlet:namespace/><%=Component._Fields.MAILINGLIST%>" type="text"
-                    placeholder="<liferay-ui:message key="enter.mailing.list.url" />" value="<sw360:out value="${component.mailinglist}"/>"/>
-            </div>
-        </td>
     </tr>
     <core_rt:choose>
         <core_rt:when test="${componentVisibilityRestriction}">
@@ -130,6 +137,13 @@
     </core_rt:choose>
 
     <tr>
+        <td>
+            <div class="form-group">
+                <label for="mailinglist"><liferay-ui:message key="mailing.list.url" /></label>
+                <input class="form-control" id="mailinglist" name="<portlet:namespace/><%=Component._Fields.MAILINGLIST%>" type="text"
+                    placeholder="<liferay-ui:message key="enter.mailing.list.url" />" value="<sw360:out value="${component.mailinglist}"/>"/>
+            </div>
+        </td>
         <td >
             <div class="form-group">
                 <label for="comp_desc"><liferay-ui:message key="short.description" /></label>
@@ -137,14 +151,6 @@
                         placeholder="<liferay-ui:message key="enter.description" />"><sw360:out value="${component.description}"/></textarea>
             </div>
         </td>
-        <td>
-            <div class="form-group">
-                <label for="modified_on"><liferay-ui:message key="modified.on" /></label>
-                <input id="modified_on" name="<portlet:namespace/><%=Component._Fields.MODIFIED_ON%>" type="date"
-                    placeholder="<liferay-ui:message key="modified.date.yyyy.mm.dd" />"
-                    value="<sw360:out value="${component.modifiedOn}"/>" readonly class="form-control"/>
-            </div>
-        </td>
         <td>
             <div class="form-group">
                 <sw360:DisplayUserEdit email="${component.modifiedBy}" id="<%=Component._Fields.MODIFIED_BY.toString()%>"
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/summary.jspf b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/summary.jspf
index 5bd31fd7a2..4e5e490b5a 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/summary.jspf
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/components/summary.jspf
@@ -59,6 +59,10 @@
         <td><liferay-ui:message key="component.type" />:</td>
         <td><sw360:DisplayEnum value="${component.componentType}"/></td>
     </tr>
+    <tr>
+        <td><liferay-ui:message key="cyclonedx" /> <liferay-ui:message key="component.type" />:</td>
+        <td><sw360:DisplayEnum value="${component.cdxComponentType}"/></td>
+    </tr>
     <tr>
         <td><liferay-ui:message key="default.vendor" />:</td>
         <td><sw360:out value="${component.defaultVendor.fullname}"/></td>
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/releases/detailOverview.jspf b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/releases/detailOverview.jspf
index b8e73083c9..4e1268cb72 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/releases/detailOverview.jspf
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/includes/releases/detailOverview.jspf
@@ -251,7 +251,7 @@
         $('#copyToClipboard').on('click', function(event) {
             let textSelector = "table tr td#documentId",
             textToCopy = $(textSelector).clone().children().remove().end().text().trim();
-            clipboard.copyToClipboard(textToCopy, textSelector);
+            clipboard.copyToClipboard(textToCopy, '#copyToClipboard');
         });
 
 
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/view.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/view.jsp
index 3201acf65b..5118fedf26 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/view.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/components/view.jsp
@@ -184,7 +184,7 @@
           <div class="btn-toolbar" role="toolbar">
                         <div class="btn-group" role="group">
               <button type="button" class="btn btn-primary" onclick="window.location.href='<%=addComponentURL%>'"><liferay-ui:message key="add.component" /></button>
-              <button type="button" class="btn btn-secondary" id="import-spdx-bom" data-action="import-spdx-bom"><liferay-ui:message key="import.spdx.bom" /></button>
+              <button type="button" class="btn btn-secondary" id="import-spdx-bom" data-action="import-spdx-bom"><liferay-ui:message key="import.sbom" /></button>
             </div>
             <div id="btnExportGroup" class="btn-group" role="group">
               <button id="btnExport" type="button" class="btn btn-secondary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/detailOverview.jspf b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/detailOverview.jspf
index 7dd02adcf6..929e66ef2d 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/detailOverview.jspf
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/detailOverview.jspf
@@ -18,6 +18,10 @@
     <portlet:param name="<%=PortalConstants.ACTION%>" value="<%=PortalConstants.LOAD_OBLIGATIONS_VIEW%>"/>
     <portlet:param name="<%=PortalConstants.DOCUMENT_ID%>" value="${docid}"/>
 </portlet:resourceURL>
+<portlet:resourceURL var="exportSbomUrl">
+    <portlet:param name="<%=PortalConstants.ACTION%>" value="<%=PortalConstants.EXPORT_SBOM%>"/>
+    <portlet:param name="<%=PortalConstants.PROJECT_ID%>" value="${project.id}"/>
+</portlet:resourceURL>
 <portlet:resourceURL var="updateProjectVulnerabilitiesURL">
     <portlet:param name="<%=PortalConstants.ACTION%>" value="<%=PortalConstants.UPDATE_VULNERABILITIES_PROJECT%>"/>
 </portlet:resourceURL>
@@ -29,6 +33,8 @@
 <core_rt:set var = "updateVulnerabilityRatings" scope = "request" value = "updateVulnerabilityRatings"/>
 <core_rt:set var="isSvmEnabled" value='<%=PortalConstants.IS_SVM_ENABLED%>' />
 <jsp:useBean id="isCrDisabledForProjectBU" type="java.lang.Boolean" scope="request"/>
+<jsp:useBean id="isSbomImportExportAccessUser" type="java.lang.Boolean" scope="request"/>
+
 <div class="container" style="display: none;">
 	<div class="row">
 		<div class="col-3 sidebar">
@@ -85,9 +91,35 @@
 									<liferay-ui:message key="edit.project" />
 								</button>
 							</div>
-                                                        <div class="btn-group" role="group">
-                                                            <button type="button" class="btn btn-secondary" id="linkToProjectButton"><liferay-ui:message key="link.to.projects" /></button>
-                                                        </div>
+							<div class="btn-group" role="group">
+							    <button type="button" class="btn btn-secondary" id="linkToProjectButton"><liferay-ui:message key="link.to.projects" /></button>
+							</div>
+							<div class="btn-group" role="group">
+							    <core_rt:if test = "${isSbomImportExportAccessUser and (project.clearingState ne 'CLOSED') and writeAccessUser}">
+							    <div class="btn-group" style="margin-right: auto;">
+							        <button type="button" class="btn btn-light border dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+							            <liferay-ui:message key="import.sbom" />
+							            <clay:icon symbol="caret-bottom" />
+							        </button>
+							        <div class="dropdown-menu" id="importSbom">
+							            <a class="dropdown-item" href="#" data-type="cycloneDx"><liferay-ui:message key="cyclonedx" /></a>
+							        </div>
+							    </div>
+							    </core_rt:if>
+							    <core_rt:if test = "${isSbomImportExportAccessUser and (project.getReleaseIdToUsageSize() > 0 or project.getLinkedProjectsSize() > 0)}">
+							    <div class="btn-group" style="margin-right: auto;">
+							        <button type="button" class="btn btn-light border dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+							            <liferay-ui:message key="export.sbom" />
+							            <clay:icon symbol="caret-bottom" />
+							        </button>
+							        <div class="dropdown-menu" id="exportSbom">
+							            <a class="dropdown-item" href="#" data-type="cycloneDx" data-project-name="${sw360:printProjectName(project)}" >
+							                <liferay-ui:message key="cyclonedx" />
+							            </a>
+							        </div>
+							    </div>
+							    </core_rt:if>
+							</div>
 							 <div class="list-group-companion" data-belong-to="tab-licenseClearing">
 								<div class="nav nav-pills justify-content-center bg-light font-weight-bold d-inline-flex" id="pills-tab" role="tablist">
 									<a class="nav-item nav-link active" id="pills-tree-tab" data-toggle="pill" href="#pills-treeView" role="tab" aria-controls="pills-treeView" aria-selected="true">
@@ -299,20 +331,168 @@
 
 <jsp:include page="/html/projects/includes/searchProjects.jsp" />
 
-<div class="dialogs auto-dialogs"></div>
+<div class="dialogs auto-dialogs">
+    <div id="exportSbomDialog" class="modal fade" tabindex="-1" role="dialog">
+        <div class="modal-dialog modal-lg modal-dialog-centered modal-info" role="document">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h5 class="modal-title">
+                        <clay:icon symbol="question-circle" />
+                        <liferay-ui:message key="export.sbom" />?
+                    </h5>
+                    <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+                        <span aria-hidden="true">&times;</span>
+                    </button>
+                </div>
+                <div class="modal-body" id="exportSbomBody">
+                    <p><liferay-ui:message key="do.you.really.want.to.export.sbom.for.the.project.x" /></p>
+                    <p><small><liferay-ui:message key="currently.only.cyclonedx.sbom.export.is.supported" />.</small></p>
+                    <form id="exportSbomForm">
+                        <div class="form-group">
+                            <label for="sbom_format" class="mandatory"><liferay-ui:message key="sbom.format" />:</label>
+                            <select class="form-control form-control-sm w-25" id="sbom_format">
+                                <option value="xml" class="textlabel stackedLabel">XML</option>
+                                <option value="json" class="textlabel stackedLabel">JSON</option>
+                            </select>
+                            <div  class="invalid-feedback" id="sbomFormatErrorMsg">
+                                <liferay-ui:message key="please.select.the.sbom.format" />
+                            </div>
+                        </div>
+                        <div class="form-check">
+                            <input class="form-check-input" type="checkbox" name="withSubProjects" id="includeSubProjectsInSbom">
+                            <label class="form-check-label" for="includeSubProjectsInSbom"><liferay-ui:message key="include.releases.from.sub.projects.in.exported.sbom" />?</label>
+                        </div>
+                    </form>
+                </div>
+                <div class="modal-body" id="exportSbomSpinner">
+                    <div class="spinner text-center">
+                        <div class="spinner-border" role="status">
+                            <span class="sr-only"><liferay-ui:message key="loading" /></span>
+                        </div>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <button type="button" id="exportSbomBtn" class="btn btn-primary"><liferay-ui:message key="export.sbom" /></button>
+                    <button type="button" class="btn btn-secondary" data-dismiss="modal"><liferay-ui:message key="close" /></button>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
 
 <%--for javascript library loading --%>
 <%@ include file="/html/utils/includes/requirejs.jspf" %>
+<core_rt:if test = "${(project.clearingState ne 'CLOSED') and writeAccessUser}">
+<%@ include file="/html/utils/includes/importBom.jspf" %>
+</core_rt:if>
 <script>
 	document.title = $("<span></span>").html("<sw360:ProjectName project="${project}"/> - " + document.title).text();
 
-	require(['jquery', 'modules/listgroup', 'utils/link'], function($, listgroup, linkutil) {
+	require(['jquery', 'modules/listgroup', 'utils/link', 'modules/dialog', 'modules/button'], function($, listgroup, linkutil, dialog, button) {
 		listgroup.initialize('detailTab', $('#detailTab').data('initial-tab') || 'tab-Summary');
 	    if (window.history.replaceState) {
 	        window.history.replaceState(null, document.title, linkutil.to('project', 'show', "${project.id}"));
 	    }
+
+        $('.portlet-toolbar #exportSbom a.dropdown-item').on('click', function(event) {
+            var exportBtnData = $(event.currentTarget).data();
+            exportSbom($(this), exportBtnData);
+        });
+
+        function exportSbom(attachmentId, exportBtnData) {
+            let statusDiv = $('#exportSbomDialog').find('#exportSbomBody'),
+                spinnerDiv = $('#exportSbomDialog').find('#exportSbomSpinner'),
+                exportBtn = $('#exportSbomDialog').find('#exportSbomBtn'),
+                $form = $('#exportSbomDialog #exportSbomForm'),
+                projectName = exportBtnData.projectName;
+            $dialog = dialog.open('#exportSbomDialog', {
+                    projectName: projectName // data
+                },
+                function(submit, callback) { // submitCallback
+                    let sbomFormat = $("#exportSbomDialog #sbom_format").val(),
+                        includeSubProjects = $("#exportSbomDialog #includeSubProjectsInSbom").is(":checked"),
+                        startTime = Date.now();
+                    if (!sbomFormat || sbomFormat.trim().length == 0) {
+                        $("#exportSbomDialog #sbom_format").addClass("is-invalid");
+                        $("#exportSbomDialog #sbomFormatErrorMsg").show();
+                        callback();
+                        return;
+                    }
+                    $form.addClass('was-validated');
+                    $("#exportSbomDialog #sbom_format").removeClass("is-invalid");
+                    $("#exportSbomDialog #sbomFormatErrorMsg").hide();
+                    spinnerDiv.show();
+                    statusDiv.hide();
+                    jQuery.ajax({
+                        type: 'GET',
+                        url: '<%=exportSbomUrl%>',
+                        cache: false,
+                        data: {
+                            "<portlet:namespace/><%=PortalConstants.SBOM_FROMAT%>": sbomFormat,
+                            "<portlet:namespace/><%=PortalConstants.PROJECT_WITH_SUBPROJECT%>": includeSubProjects
+                        },
+                        success: function (data) {
+                            if (!data || data.length == 0 || Object.getOwnPropertyNames(data).length == 0) {
+                                $dialog.alert('<liferay-ui:message key="failed.to.export.sbom.for.project" />!');
+                            } else {
+                                if (data.status && data.status.length) {
+                                    if (data.status === 'FAILED_SANITY_CHECK') {
+                                        $dialog.alert('<liferay-ui:message key="no.linked.release" />!');
+                                    } else if (data.status === 'ACCESS_DENIED') {
+                                        $dialog.alert("<liferay-ui:message key="you.do.not.have.permission.to.import.or.export.the.sbom" />!<br>" +
+                                            "<liferay-ui:message key="only.user.with.role.x.and.above.have.permission.to.import.or.export.the.sbom" />!");
+                                    } else if (data.status === 'FAILURE') {
+                                        $dialog.alert('<liferay-ui:message key="failed.to.export.sbom.for.project" />!<br><liferay-ui:message key="error" />: ' + data.message);
+                                    }
+                                } else {
+                                    var blob;
+                                    if (sbomFormat === 'xml') {
+                                        const xmlInfo = '<?xml version="1.0" encoding="utf-8"?>\n';
+                                        blob = new Blob([xmlInfo + data.documentElement.outerHTML], {type: data.contentType});
+                                    } else {
+                                        blob = new Blob([JSON.stringify(data, null, 4)], {type: 'text/json'});
+                                    }
+                                    var anchorElement = window.document.createElement('a');
+                                    anchorElement.href = window.URL.createObjectURL(blob);
+                                    // replace colon, commas and forward slash with underscore
+                                    anchorElement.download = 'Project_' + projectName.replace(/[:,/]/g, "_") + '_' + new Date().toLocaleString().replace(/[:,\s/]/g, "_") + '_SBOM_.' + sbomFormat;
+                                    document.body.appendChild(anchorElement);
+                                    anchorElement.click();
+                                    document.body.removeChild(anchorElement);
+                                    let timeTakenInSeconds = (Date.now() - startTime) / 1000;
+                                    $dialog.success('<liferay-ui:message key="sbom.exported.successfully" />!<br><liferay-ui:message key="time.taken.for.export" />: ' +
+                                        timeTakenInSeconds + ' <liferay-ui:message key="seconds" />');
+                                }
+                            }
+                            $dialog.enableButtons(true);
+                            statusDiv.show();
+                            spinnerDiv.hide();
+                            button.finish('#exportSbomBtn');
+                            button.disable('#exportSbomBtn');
+                        },
+                        error: function () {
+                            $dialog.alert('<liferay-ui:message key="failed.to.export.sbom.for.project" />: ' + projectName);
+                            statusDiv.show();
+                            spinnerDiv.hide();
+                            $dialog.enableButtons(true);
+                            button.finish('#exportSbomBtn');
+                            button.disable('#exportSbomBtn');
+                        }
+                    });
+                },
+                function() { // beforeShowFn
+                    spinnerDiv.hide();
+                    statusDiv.show();
+                    $('#exportSbomDialog #exportSbomForm').removeClass('was-validated');
+                    $("#exportSbomDialog #sbom_format").removeClass("is-invalid");
+                    $("#exportSbomDialog #sbomFormatErrorMsg").hide();
+                },
+                undefined, // afterShowFn
+                true // isHTML
+            );
+        }
 	});
-	
+
 	$.ajax({
         url: '<%=obligationviewurl%>',
         type: "GET",
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/projects/clearingStatus.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/projects/clearingStatus.jsp
index d5b41de212..79a2cde0e1 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/projects/clearingStatus.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/projects/clearingStatus.jsp
@@ -66,7 +66,7 @@
 <div class="tab-content" id="pills-clearingStatusTab">
     <div class="tab-pane fade show active" id="pills-treeView" role="tabpanel" aria-labelledby="pills-tree-tab">
     <div class="btn-group mx-1" role="group">
-        <button type="button" class="btn btn-outline-dark" id="addLicenseToRelease"><liferay-ui:message key="add.license.info.to.release" /></button>
+        <button type="button" class="btn btn-sm btn-outline-dark" id="addLicenseToRelease"><liferay-ui:message key="add.license.info.to.release" /></button>
     </div>
     <div class="float-right mx-2">
         <input type="search" id="search_table" class="form-control form-control-sm mb-1 float-right" placeholder="<liferay-ui:message key="search" />">
@@ -91,7 +91,7 @@
                             <core_rt:if test="${projectList.size() > 1 or (projectList.size() == 1 and not empty projectList.get(0).linkedReleases)}">
                             <div id="toggle" class="d-none">
                                 (<a href="#" id="expandAll" class="text-primary"><liferay-ui:message key="expand.next.level" /> </a>|
-                                <a href="#" id="collapseAll" class="text-primary"> <liferay-ui:message key="collapse.all" /></a>)
+                                <a href="#" id="collapseAll" class="text-primary"> <liferay-ui:message key="collapse.all" /></a>)&nbsp;
                             </div>
                             </core_rt:if>
                             <core_rt:if test="${projectList.size() > 1 or releaseList.size() > 0}">
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/searchProjects.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/searchProjects.jsp
index cfabbe0816..deeb1c9fff 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/searchProjects.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/searchProjects.jsp
@@ -23,7 +23,7 @@
 
 <div class="dialogs">
 	<div id="searchProjectsDialog" data-title="<liferay-ui:message key="link.projects" />" class="modal fade" tabindex="-1" role="dialog">
-		<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable" role="document">
+		<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable mw-100 w-50" role="document">
 		    <div class="modal-content">
 			<div class="modal-body container">
 
@@ -140,7 +140,7 @@
         $('#copyToClipboard').on('click', function(event) {
             let textSelector = "table tr td#documentId",
             textToCopy = $(textSelector).clone().children().remove().end().text().trim();
-            clipboard.copyToClipboard(textToCopy, textSelector);
+            clipboard.copyToClipboard(textToCopy, '#copyToClipboard');
         });
 
         function showProjectDialog() {
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/view.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/view.jsp
index 866b40ba3e..512063295a 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/view.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/view.jsp
@@ -34,6 +34,7 @@
 <jsp:useBean id="name" class="java.lang.String" scope="request"/>
 <jsp:useBean id="state" class="java.lang.String" scope="request"/>
 <jsp:useBean id="exactMatchCheckBox" class="java.lang.String" scope="request"/>
+<jsp:useBean id="isSbomImportExportAccessUser" type="java.lang.Boolean" scope="request"/>
 
 <core_rt:set var="stateAutoC" value='<%=PortalConstants.STATE%>'/>
 <core_rt:set var="projectTypeAutoC" value='<%=PortalConstants.PROJECT_TYPE%>'/>
@@ -165,7 +166,16 @@
                     <div class="btn-toolbar" role="toolbar">
                         <div class="btn-group" role="group">
                             <button type="button" class="btn btn-primary" onclick="window.location.href='<%=addProjectURL%>'"><liferay-ui:message key="add.project" /></button>
-                            <button type="button" class="btn btn-secondary" data-action="import-spdx-bom"><liferay-ui:message key="import.spdx.bom" /></button>
+                            <core_rt:if test = "${isSbomImportExportAccessUser}">
+                            <button type="button" class="btn btn-secondary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                                <liferay-ui:message key="import.sbom" />
+                                <clay:icon symbol="caret-bottom" />
+                            </button>
+                            <div class="dropdown-menu" id="importSbom">
+                                <a class="dropdown-item import" href="#" data-type="spdx"><liferay-ui:message key="spdx" /></a>
+                                <a class="dropdown-item import" href="#" data-type="cycloneDx"><liferay-ui:message key="cyclonedx" /></a>
+                            </div>
+                            </core_rt:if>
                         </div>
                         <div id="btnExportGroup" class="btn-group" role="group">
                             <button id="btnExport" type="button" class="btn btn-secondary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/search/view.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/search/view.jsp
index 356ea3fb5e..9127f79044 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/search/view.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/search/view.jsp
@@ -154,7 +154,7 @@
                 } else if (data === '<%=SW360Constants.TYPE_RELEASE%>') {
                     return '<svg class="lexicon-icon type-icon type-icon-release"><title><liferay-ui:message key="release" /></title><use href="<%=request.getContextPath()%>/images/icons.svg#release"/></svg>';
                 } else if (data === '<%=SW360Constants.TYPE_OBLIGATION%>') {
-                    return '<svg class="lexicon-icon type-icon type-icon-oblig"><title>ToDo</title><use href="<%=request.getContextPath()%>/images/icons.svg#oblig"/></svg>';
+                    return '<svg class="lexicon-icon type-icon type-icon-oblig"><title><liferay-ui:message key="obligation" /></title><use href="<%=request.getContextPath()%>/images/icons.svg#oblig"/></svg>';
                 } else if (data === '<%=SW360Constants.TYPE_USER%>') {
                     return '<svg class="lexicon-icon type-icon type-icon-user"><title><liferay-ui:message key="user" /></title><use href="<%=request.getContextPath()%>/images/icons.svg#user"/></svg>'
                 } else if (data === '<%=SW360Constants.TYPE_VENDOR%>') {
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/attachmentsDetail.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/attachmentsDetail.jsp
index 3a7942a8d3..0666813f48 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/attachmentsDetail.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/attachmentsDetail.jsp
@@ -18,12 +18,16 @@
     <portlet:param name="<%=PortalConstants.ACTION%>" value="<%=PortalConstants.EVALUATE_CLI_ATTACHMENTS%>"/>
     <portlet:param name="<%=PortalConstants.RELEASE_ID%>" value="${releaseId}"/>
 </portlet:resourceURL>
+<portlet:resourceURL var="loadSbomImportInfo">
+    <portlet:param name="<%=PortalConstants.ACTION%>" value="<%=PortalConstants.LOAD_SBOM_IMPORT_INFO%>"/>
+</portlet:resourceURL>
 <core_rt:catch var="attributeNotFoundException">
     <jsp:useBean id="attachments" type="java.util.Set<org.eclipse.sw360.datahandler.thrift.attachments.Attachment>" scope="request" />
     <jsp:useBean id="attachmentUsages" type="java.util.Map<java.lang.String, java.util.List<org.eclipse.sw360.datahandler.thrift.projects.Project>>" scope="request" />
     <jsp:useBean id="attachmentUsagesRestrictedCounts" type="java.util.Map<java.lang.String, java.lang.Long>" scope="request" />
     <jsp:useBean id="documentType" type="java.lang.String" scope="request" />
     <jsp:useBean id="documentID" class="java.lang.String" scope="request" />
+    <core_rt:set var="portletName" value="<%=themeDisplay.getPortletDisplay().getPortletName() %>"/>
 </core_rt:catch>
 
 <%--for javascript library loading --%>
@@ -44,6 +48,37 @@
     </core_rt:if>
 
     <core_rt:if test="${not empty attachments}">
+
+        <core_rt:if test="${portletName eq 'sw360_portlet_projects'}">
+            <div class="dialogs auto-dialogs">
+                <div id="viewSbomImportResult" class="modal" tabindex="-1" role="dialog">
+                    <div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable modal-info mw-100 w-50" role="document">
+                        <div class="modal-content">
+                            <div class="modal-header">
+                                <h5 class="modal-title">
+                                    <clay:icon symbol="import-list" /> &nbsp; <liferay-ui:message key="sbom.import.statistics.for" />: <span class="text-primary" data-name="fileName"></span>
+                                </h5>
+                                <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+                                    <span aria-hidden="true">&times;</span>
+                                </button>
+                            </div>
+                            <div class="modal-body">
+                                <div class="spinner text-center">
+                                    <div class="spinner-border" role="status">
+                                        <span class="sr-only"><liferay-ui:message key="loading" /></span>
+                                    </div>
+                                </div>
+                                <div style="display: none;" id="bomImportInfo"></div>
+                            </div>
+                            <div class="modal-footer">
+                                <button type="button" class="btn btn-light" data-dismiss="modal"><liferay-ui:message key="close" /></button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </core_rt:if>
+
         <core_rt:if test="${not empty releaseId and writeAccessUser}">
           <div id="errorMsgContainer">
             <div id="errorMsg" class="alert alert-dismissible d-none" role="alert">
@@ -91,10 +126,11 @@
         </table>
 
         <script>
-            require(['jquery', 'bridges/datatables', 'modules/dialog' ], function($, datatables, dialog) {
+            require(['jquery', 'bridges/datatables', 'modules/dialog', 'utils/includes/clipboard'], function($, datatables, dialog, clipboard) {
                 var attachmentJSON = [];
                 var usageLinks;
-
+                var isProjectPortlet = '${portletName}' === 'sw360_portlet_projects';
+                const importStatus = '_importstatus';
                 /* Print all attachment table data as array into the html page */
                 <core_rt:forEach items="${attachments}" var="attachment">
                     usageLinks = [];
@@ -271,9 +307,116 @@
                 }
 
                 function renderAttachmentFileName(data, type, row, meta) {
+                    if (isProjectPortlet && data.toLowerCase().indexOf(importStatus) !== -1 && data.toLowerCase().endsWith('.json') && $(row.type)[0].innerHTML == 'OTH') {
+                        return $('<span></span>').text(data).addClass(row.attachmentContentId)
+                            .append($('<span class="glyphicon glyphicon-info-sign float-right" title="<liferay-ui:message key="view.sbom.import.result" />" type="button"></span>'))[0].outerHTML;
+                    }
                     return $('<span></span>').text(data).addClass(row.attachmentContentId)[0].outerHTML;
                 }
 
+                const copyBtn = '<button type="button" class="btn btn-sm btn-secondary ml-3 copyToClipboard" data-toggle="tooltip" title="<liferay-ui:message key="copy.to.clipboard" />">' +
+                                 '<clay:icon symbol="paste" class="text-primary"/> </button>';
+
+                $(document).on('click', 'button.copyToClipboard', function(event) {
+                    let textToCopy = $(this).parent('div.alert')[0].innerText;
+                    clipboard.copyToClipboard(textToCopy, '#' + $(this).attr('id'));
+                });
+
+                var dialogDiv = $('#viewSbomImportResult');
+                $(document).on('click', '.glyphicon-info-sign', function() {
+                    loadSbomImportInfo($(this).parent('span')[0].getAttribute('class'), $(this).parent('span')[0].innerText);
+                });
+
+                function loadSbomImportInfo(attachmentId, attachmentName) {
+                    statusDiv = $('#viewSbomImportResult').find('#bomImportInfo');
+                    spinnerDiv = $('#viewSbomImportResult').find('.spinner')
+                    $dialog = dialog.open('#viewSbomImportResult', {
+                            fileName: attachmentName // data
+                        },
+                        undefined, // submitCallback
+                        function() { // beforeShowFn
+                            spinnerDiv.show();
+                            statusDiv.hide();
+                            statusDiv.html("");
+                        },
+                        undefined, // afterShowFn
+                        true // isHTML
+                    );
+                    jQuery.ajax({
+                        type: 'GET',
+                        url: '<%=loadSbomImportInfo%>',
+                        cache: false,
+                        data: {
+                            "<portlet:namespace/><%=PortalConstants.ATTACHMENT_CONTENT_ID%>": attachmentId
+                        },
+                        success: function (data) {
+                            if (!data || data.length == 0 || Object.getOwnPropertyNames(data).length == 0) {
+                                statusDiv.html('<liferay-ui:message key="failed.to.load.sbom.import.status.for.attachment" />!');
+                            } else {
+                                var result = data.result;
+                                if (data.message && data.message.length) {
+                                    statusDiv.html('<h3><liferay-ui:message key="sbom.import.status" />...</h3>');
+                                    statusDiv.append("<span class='alert alert-success'>" + data.message + "</span>");
+                                }
+                                if (result === 'SUCCESS') {
+                                    statusDiv.html('<h3><liferay-ui:message key="sbom.import.status" />...</h3>');
+                                    countInfo = $('<ul/>');
+                                    if (data.compCreationCount || data.compReuseCount) {
+                                        let total = Number(data.compCreationCount) + Number(data.compReuseCount);
+                                        countInfo.append('<li><liferay-ui:message key="total.components" />: <b>' + total + '</b></li>');
+                                        countInfo.append('<ul><li><liferay-ui:message key="components.created" />: <b>' + data.compCreationCount + '</b></li></ul>');
+                                        countInfo.append('<ul><li><liferay-ui:message key="components.reused" />: <b>' + data.compReuseCount + '</b></li></ul>');
+                                    }
+                                    if (data.relCreationCount || data.relReuseCount) {
+                                        let total = Number(data.relCreationCount) + Number(data.relReuseCount);
+                                        countInfo.append('<li><liferay-ui:message key="total.releases" />: <b>' + total + '</b></li>');
+                                        countInfo.append('<ul><li><liferay-ui:message key="releases.created" />: <b>' + data.relCreationCount + '</b></li></ul>');
+                                        countInfo.append('<ul><li><liferay-ui:message key="releases.reused" />: <b>' + data.relReuseCount + '</b></li></ul>');
+                                    }
+                                    statusDiv.append("<div class='alert alert-success'> " + countInfo[0].outerHTML + "</div>");
+                                }
+                                if (data.invalidRel && data.invalidRel.length) {
+                                    invalidRelList = $('<ul/>');
+                                    data.invalidRel.split('||').forEach(function(comp, index) {
+                                        invalidRelList.append('<li>' + comp + '</li>');
+                                    });
+                                    var cpBtn = $(copyBtn).clone();
+                                    $(cpBtn).attr('id', 'copyToClipboard_irs');
+                                    statusDiv.append("<div class='alert alert-danger'><liferay-ui:message key="list.of.components.without.version.information" />: <b>" + $(invalidRelList).find('li').length +
+                                        "</b> <small>(<liferay-ui:message key="not.imported" />)</small> " + cpBtn[0].outerHTML + " " + invalidRelList[0].outerHTML + "</div>")
+                                }
+                                if (data.dupComp && data.dupComp.length) {
+                                    compList = $('<ul/>');
+                                    data.dupComp.split('||').forEach(function(comp, index) {
+                                        compList.append('<li>' + comp + '</li>');
+                                    });
+                                    var cpBtn = $(copyBtn).clone();
+                                    $(cpBtn).attr('id', 'copyToClipboard_dcs');
+                                    statusDiv.append("<div class='alert alert-warning'><b>" + $(compList).find('li').length +
+                                        "</b> <liferay-ui:message key="components.were.not.imported.because.multiple.duplicate.components.are.found.with.exact.same.name" />: " + copyBtn + " " + compList[0].outerHTML + "</div>")
+                                }
+                                if (data.dupRel && data.dupRel.length) {
+                                    relList = $('<ul/>');
+                                    data.dupRel.split('||').forEach(function(rel, index) {
+                                        relList.append('<li>' + rel + '</li>');
+                                    });
+                                    var cpBtn = $(copyBtn).clone();
+                                    $(cpBtn).attr('id', 'copyToClipboard_drs');
+                                    statusDiv.append("<div class='alert alert-warning'><b>" + $(relList).find('li').length +
+                                        "</b> <liferay-ui:message key="releases.were.not.imported.because.multiple.duplicate.releases.are.found.with.exact.same.name.and.version" />: " + copyBtn + " " + relList[0].outerHTML + "</div>")
+                                }
+                            }
+                            spinnerDiv.hide();
+                            statusDiv.show();
+                        },
+                        error: function () {
+                            statusDiv.html('<liferay-ui:message key="failed.to.load.sbom.import.status.for.attachment" />: ' + attachmentName);
+                            spinnerDiv.hide();
+                            statusDiv.show();
+                        }
+                    });
+                }
+
                 function renderAttachmentUsages(data, type, row, meta) {
                     if (type === 'display') {
                         var usagesHtml = '';
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/importBom.jspf b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/importBom.jspf
index 01dca71558..9a27c72940 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/importBom.jspf
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/importBom.jspf
@@ -12,7 +12,7 @@
 <%--
     Description:             Import SPDX BOM to SW360
 
-    Required Buttons:        - <button type="button" class="btn btn-primary" data-action="import-spdx-bom">Import SPDX BOM</button>
+    Required Buttons:        - <button type="button" class="btn btn-primary" data-action="import-project-bom">Import SBOM</button>
 
     Required Imports:        - org.eclipse.sw360.portal.common.PortalConstants
 
@@ -38,32 +38,68 @@
     <portlet:param name="<%=PortalConstants.DOCUMENT_TYPE%>" value="${documentType}"/>
 </portlet:resourceURL>
 
+<portlet:resourceURL var="deleteAttachmentAjaxURL">
+    <portlet:param name="<%=PortalConstants.ACTION%>" value='<%=PortalConstants.ATTACHMENT_CANCEL%>'/>
+</portlet:resourceURL>
+
 <div class="dialogs">
-    <div id="spdxBomUpload" data-title="Upload SBOM" class="modal fade" tabindex="-1" role="dialog"
+    <div id="spdxBomUpload" data-title="<liferay-ui:message key="upload"/> <span class='text-info spdxMsg'>SPDX</span> <span class='text-info cycloneDxMsg'>CyconeDX</span> <liferay-ui:message key="sbom"/>"
+         class="modal fade" tabindex="-1" role="dialog"
          data-portlet-namespace="<portlet:namespace/>"
          data-new-attachment-url="<%=newAttachmentAjaxURL%>"
          data-upload-attachment-part-url="<%=uploadPartAjaxURL%>"
          data-import-bom-url="<%=importBomAjaxURL%>" >
-        <div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable" role="document">
+        <div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable mw-100 w-50" role="document">
             <div class="modal-content">
                 <div class="modal-body container" id="spdxBomUploadUpload">
-                    <h2>Upload BOM document as ${documentType}</h2>
-                    <p>This currently only supports SPDX RDF/XML files with a uniq described top level node.</p>
+                    <h3><liferay-ui:message key="please.upload.the"/> <span class="text-info spdxMsg">SPDX -> RDF/XML</span> <span class="text-info cycloneDxMsg">CycloneDX -> XML/JSON</span> <liferay-ui:message key="sbom.document"/>.</h3>
+                    <p class="spdxMsg"><liferay-ui:message key="this.currently.only.supports.spdx.rdf.xml.files.with.a.unique.described.top.level.node" />.</p>
+                    <div class="cycloneDxMsg">
+                        <ul>
+                        <core_rt:choose>
+                        <core_rt:when test="${inProjectDetailsContext}">
+                            <li><liferay-ui:message key="import.will.fail.if.current.project.name.and.version.is.not.same.as.component.present.in.sbom"/>
+                                <span class="font-weight-bold text-monospace text-danger">metadata</span> <liferay-ui:message key="tag2"/>.
+                            </li>
+                        </core_rt:when>
+                        <core_rt:otherwise>
+                            <li><liferay-ui:message key="import.will.fail.if.there.is.already.an.existing.project.with.same.name.and.version.as.component.present.in.sbom"/>
+                                <span class="font-weight-bold text-monospace text-danger">metadata</span> <liferay-ui:message key="tag2"/>.
+                            </li>
+                        </core_rt:otherwise>
+                        </core_rt:choose>
+                            <li>
+                                <span class="font-weight-bold text-monospace text-danger"><liferay-ui:message key="components"/> & <liferay-ui:message key="releases"/></span>
+                                <liferay-ui:message key="will.not.be.created.if.it.does.not.contain"/> <span class="text-info"><liferay-ui:message key="name"/></span> <liferay-ui:message key="or2"/>
+                                <span class="text-info"><liferay-ui:message key="version"/></span>
+                                <liferay-ui:message key="in.sbom.file"/>.</li>
+                        </ul>
+                    </div>
                     <div class="lfr-dynamic-uploader">
                         <div class="lfr-upload-container">
                             <div id="fileupload-drop" class="upload-target">
-                                <span>Drop a File Here</span>
+                                <span><liferay-ui:message key="drop.a.file.here" /></span>
                                 <br/>
-                                Or
+                                <liferay-ui:message key="or"/>
                                 <br/>
-                                <button id="fileupload-browse" type="button" class="btn btn-secondary">Browse</button>
+                                <button id="fileupload-browse" type="button" class="btn btn-secondary"><liferay-ui:message key="browse" /></button>
                             </div>
                         </div>
                     </div>
                 </div>
                 <div class="modal-body container d-none" id="spdxBomUploadStatus"></div>
+                <div class="modal-body" id="importSbomSpinner">
+                    <div class="spinner text-center">
+                        <div class="spinner-border" role="status">
+                            <span class="sr-only"><liferay-ui:message key="loading" /></span>
+                        </div>
+                    </div>
+                </div>
                 <div class="modal-footer">
-                    <button type="button" class="btn btn-light" data-dismiss="modal">Close</button>
+                    <button type="button" class="btn btn-light" data-dismiss="modal"><liferay-ui:message key="close" /></button>
+                    <button id="sbom-upload" type=submit class="btn btn-primary" title="<liferay-ui:message key="upload.and.import" /> <liferay-ui:message key="sbom" />">
+                        <liferay-ui:message key="upload.and.import" />
+                    </button>
                 </div>
             </div>
         </div>
@@ -71,22 +107,68 @@
 </div>
 
 <script>
-    require(['jquery', 'resumable', 'modules/dialog', 'modules/validation'], function($, Resumable, dialog, validation) {
-        $('.portlet-toolbar button[data-action="import-spdx-bom"]').on('click', function() {
-            var dialogDivId = '#spdxBomUpload';
+    require(['jquery', 'resumable', 'modules/dialog', 'modules/validation', 'modules/button', 'utils/includes/clipboard'], function($, Resumable, dialog, validation, button, clipboard) {
+
+        const attIds = new Set();
+        const copyBtn = '<button type="button" class="btn btn-sm btn-secondary ml-3 copyToClipboard" data-toggle="tooltip" title="<liferay-ui:message key="copy.to.clipboard" />">' +
+        '<clay:icon symbol="paste" class="text-primary"/> </button>';
+
+        $('.portlet-toolbar #importSbom a.dropdown-item').on('click', function() {
+            uploadAndImportSbom();
+        });
+
+        $('#spdxBomUpload').on("hidden.bs.modal", function () {
+            console.log("dislaog is closed....");
+            cleanupDuplicateAttachment(attIds);
+        });
+
+        $(document).on('click', 'button.copyToClipboard', function(event) {
+            let textToCopy = $(this).parent('div.alert')[0].innerText;
+            clipboard.copyToClipboard(textToCopy, '#' + $(this).attr('id'));
+        });
+
+        function cleanupDuplicateAttachment(attachmentIds) {
+            for (const id of attachmentIds) {
+
+                var data = {};
+                data["<portlet:namespace/>attachmentId"] = id;
+
+                $.ajax({
+                    url: "<%=deleteAttachmentAjaxURL%>",
+                    cache: false,
+                    dataType: "json",
+                    data: data
+                });
+                attIds.delete(id);
+            }
+        }
+
+        function uploadAndImportSbom() {
+            let dialogDivId = '#spdxBomUpload',
+                isProjectDetailsPage = '${inProjectDetailsContext}',
+                r, uploadButton, statusDiv, spinnerDiv;
 
             //function open(selector, data, submitCallback, beforeShowFn, afterShowFn) {
             $dialog = dialog.open(dialogDivId,
                 {}, // data
                 function(submit, callback) {
                     // submitCallback
+                    r.upload();
+                    callback();
                 },
                 function() {
                     // beforeShowFn
 
                     var dialogDiv = $(dialogDivId);
                     var contentDiv = dialogDiv.find("#spdxBomUploadUpload");
-                    var statusDiv = dialogDiv.find("#spdxBomUploadStatus");
+                    contentDiv.show();
+                    statusDiv = dialogDiv.find("#spdxBomUploadStatus");
+                    spinnerDiv = dialogDiv.find("#importSbomSpinner");
+                    if (!statusDiv.hasClass('d-none')) {
+                    	statusDiv.html("");
+                    	statusDiv.addClass('d-none');
+                    }
+                    spinnerDiv.hide();
                     var data = dialogDiv.data();
                     var portletNamespace = data.portletNamespace;
 
@@ -94,6 +176,19 @@
                     urls.newAttachment = data.newAttachmentUrl;
                     urls.uploadAttachmentPart = data.uploadAttachmentPartUrl;
                     urls.importBom = data.importBomUrl;
+
+                    uploadButton = $("button#sbom-upload");
+                    uploadButton.hide();
+                    let buttonData = $(event.currentTarget).data();
+                    var bomType = buttonData.type.trim().toUpperCase();
+                    if (bomType == 'SPDX') {
+                        $("#spdxBomUpload .spdxMsg").show();
+                        $("#spdxBomUpload .cycloneDxMsg").hide();
+                    } else {
+                        $("#spdxBomUpload .spdxMsg").hide();
+                        $("#spdxBomUpload .cycloneDxMsg").show();
+                    }
+
                     function getAttachmentIdPromise(file) {
                         var data = {};
                         data[portletNamespace + "fileName"] = file.fileName || file.name;
@@ -109,6 +204,12 @@
                     function importBomFromAttachment(attachmentContentId) {
                         var data = {};
                         data[portletNamespace + "<%=PortalConstants.ATTACHMENT_CONTENT_ID%>"] = attachmentContentId;
+                        data[portletNamespace + "<%=PortalConstants.BOM_TYPE%>"] = bomType;
+                        data[portletNamespace + "<%=PortalConstants.PROJECT_ID%>"] = '${docid}';
+                        button.wait(uploadButton);
+                        $(dialogDivId).find("[data-dismiss='modal']").each(function(index, element) {
+                            $(this).attr('disabled', 'disabled');
+                        });
 
                         return $.ajax({
                             url: urls.importBom,
@@ -118,60 +219,168 @@
                         });
                     }
 
-                    var r = new Resumable({
+                    r = new Resumable({
                         target: urls.uploadAttachmentPart,
                         parameterNamespace: portletNamespace,
                         simultaneousUploads: 1,
                         generateUniqueIdentifier: getAttachmentIdPromise,
                         chunkRetryInterval: 2000,
                         maxChunkRetries: 3,
-                        fileType: ['rdf','json','spdx']
+                        maxFiles: 1,
+                        fileType: ['rdf', 'spdx', 'xml', 'json']
                     });
 
                     r.assignBrowse($('#fileupload-browse')[0]);
                     r.assignDrop($('#fileupload-drop')[0]);
 
                     r.on('fileAdded', function (file) {
-                        console.log("fileAdded...");
+                        attIds.add(file.uniqueIdentifier);
                         contentDiv.hide();
                         statusDiv.removeClass('d-none');
-                        r.upload();
-                        statusDiv.html("<h2>Uploading " + file.fileName + " file</h2>");
+                        uploadButton.show();
+                        statusDiv.html('<h3><liferay-ui:message key="file" /> <span class="text-info">' + file.fileName + '</span> <liferay-ui:message key="added.successfully" />, ' +
+                                '<liferay-ui:message key="click.on.upload.and.import.button" />.</h3>');
                     });
-                    r.on('fileProgress', function (file) {
-                        console.log("fileProgress...");
+                    r.on('uploadStart', function () {
+                        $(dialogDivId).find("[data-dismiss='modal']").each(function(index, element) {
+                            $(this).attr('disabled', 'disabled');
+                        });
+                        spinnerDiv.show();
+                        statusDiv.html('<h3><liferay-ui:message key="uploading.sbom.file" />...</h3>');
                     });
                     r.on('fileSuccess', function (file) {
-                        console.log("fileSuccess...");
-                        statusDiv.html("<h2>Importing ...</h2>");
+                    	var startTime = Date.now();
+                        statusDiv.html('<h3><liferay-ui:message key="upload.successful.importing.of.sbom.is.in.progress" />...</h3>');
                         var attachmentContentId = file.uniqueIdentifier;
+                        attIds.delete(attachmentContentId);
                         importBomFromAttachment(attachmentContentId).then(function (data) {
-                            console.log("importSuccess...");
-                            statusDiv.html("<h2>Imported</h2>");
-                            if ('redirectUrl' in data) {
-                                statusDiv.append("<div>Created as <a href=\"" + data.redirectUrl + "\">" + data.message + "</a>, redirecting ...</div>");
-                                window.location.href = data.redirectUrl;
+                            button.finish(uploadButton);
+                            $(dialogDivId).find("[data-dismiss='modal']").each(function(index, element) {
+                                $(this).removeAttr('disabled');
+                            });
+                            spinnerDiv.hide();
+                            if (bomType === 'SPDX') {
+                                statusDiv.html('<h3><liferay-ui:message key="sbom.imported.successfully" />...</h3>');
+	                            if ('redirectUrl' in data) {
+	                                statusDiv.append('<div><liferay-ui:message key="created.project.with.id" />: <a href=\"' + data.redirectUrl + '\">' + data.message + '</a>, <liferay-ui:message key="redirecting.to.project.details.page" />...</div>');
+	                                window.location.href = data.redirectUrl;
+	                            } else {
+	                                statusDiv.append("<div>" + JSON.stringify(data) + "</div>");
+	                                contentDiv.show();
+	                            }
                             } else {
-                                statusDiv.append("<div>" + JSON.stringify(data) + "</div>");
-                                contentDiv.show();
+                                var result = data.result;
+                                var endTime = Date.now();
+                                var timeTakenInSeconds = (endTime - startTime) / 1000;
+                                if ((data.projectName && data.projectName.length) || (data.message && data.message.length)) {
+                                    if (result !== 'SUCCESS') {
+                                        statusDiv.html('<h3><liferay-ui:message key="failed.to.import.sbom" />: <span class="text-info">' + file.fileName + '</span></h3>');
+                                        if (result == 'DUPLICATE') {
+                                            statusDiv.append("<div class='alert alert-danger'><b><liferay-ui:message key="duplicate.sbom" />:</b>" +
+                                                "<br><liferay-ui:message key="a.project.with.the.same.name.and.version.already.exists" /> <liferay-ui:message key="please.import.this.sbom.from.project.details.page" />!<br>" +
+                                                "&emsp;<a href=\"" + data.redirectUrl + "\" target='_blank'>" + data.projectName + "</a><br><liferay-ui:message key="click.the.url.to.open.project.details.page" />.</div>");
+                                        } else if (result == 'FAILED_SANITY_CHECK') {
+                                            statusDiv.append("<div class='alert alert-danger'><b><liferay-ui:message key="sbom.failed.sanity.check" />:</b> <br>" +
+                                                "<liferay-ui:message key="project.name.and.version.x.present.in.sbom.metadata.tag.is.not.same.as.the.current.sw360.project" />!</div>");
+                                        } else if (result == 'ACCESS_DENIED') {
+                                            statusDiv.append("<div class='alert alert-danger'><b><liferay-ui:message key="access.denied.2" />:</b> <br>" +
+                                                    "<liferay-ui:message key="you.do.not.have.permission.to.import.or.export.the.sbom" />" +
+                                                    "<br><liferay-ui:message key="only.user.with.role.x.and.above.have.permission.to.import.or.export.the.sbom" />!</div>");
+                                        } else {
+                                            statusDiv.append("<span class='alert alert-danger'> <b>" + result + ':</b> <br>' + data.message + "</span>");
+                                        }
+                                    } else {
+                                        statusDiv.html('<h3><liferay-ui:message key="sbom.imported.successfully" />...</h3>');
+                                        statusDiv.append("<span class='alert alert-success'>" + data.message + "</span>");
+                                    }
+                                }
+                                if (result === 'SUCCESS') {
+                                    statusDiv.html('<h3><liferay-ui:message key="sbom.imported.successfully" />...</h3>');
+                                    if ('redirectUrl' in data) {
+                                        if (isProjectDetailsPage) {
+                                            statusDiv.append("<div class='alert alert-info'><liferay-ui:message key="imported.sbom.into.project" />: <a href=\"" + data.redirectUrl + "\" target='_blank'>" + data.projectName +
+                                                    "</a>.<br> <liferay-ui:message key="time.taken.for.import" />: " + timeTakenInSeconds + " <liferay-ui:message key="seconds" /> </div>");
+                                        } else {
+                                            statusDiv.append("<div class='alert alert-info'><liferay-ui:message key="created.project.with.name" />: <a href=\"" + data.redirectUrl + "\" target='_blank'>" + data.projectName +
+                                                    "</a>, <liferay-ui:message key="click.the.url.to.open.project.details.page" />.<br> <liferay-ui:message key="time.taken.for.import" />: " + timeTakenInSeconds + " <liferay-ui:message key="seconds" /> </div>");
+                                        }
+                                        countInfo = $('<ul/>');
+                                        if (data.compCreationCount || data.compReuseCount) {
+                                            let total = Number(data.compCreationCount) + Number(data.compReuseCount);
+                                            countInfo.append('<li><liferay-ui:message key="total.components" />: <b>' + total + '</b></li>');
+                                            countInfo.append('<ul><li><liferay-ui:message key="components.created" />: <b>' + data.compCreationCount + '</b></li></ul>');
+                                            countInfo.append('<ul><li><liferay-ui:message key="components.reused" />: <b>' + data.compReuseCount + '</b></li></ul>');
+                                        }
+                                        if (data.relCreationCount || data.relReuseCount) {
+                                        let total = Number(data.relCreationCount) + Number(data.relReuseCount);
+                                            countInfo.append('<li><liferay-ui:message key="total.releases" />: <b>' + total + '</b></li>');
+                                            countInfo.append('<ul><li><liferay-ui:message key="releases.created" />: <b>' + data.relCreationCount + '</b></li></ul>');
+                                            countInfo.append('<ul><li><liferay-ui:message key="releases.reused" />: <b>' + data.relReuseCount + '</b></li></ul>');
+                                        }
+                                        statusDiv.append("<div class='alert alert-success'> " + countInfo[0].outerHTML + "</div>");
+                                    }
+                                }
+                                if (data.invalidRel && data.invalidRel.length) {
+                                    invalidRelList = $('<ul/>');
+                                    data.invalidRel.split('||').forEach(function(comp, index) {
+                                        invalidRelList.append('<li>' + comp + '</li>');
+                                    });
+                                    var cpBtn = $(copyBtn).clone();
+                                    $(cpBtn).attr('id', 'copyToClipboard_ir');
+                                    statusDiv.append("<div class='alert alert-danger'><liferay-ui:message key="list.of.components.without.version.information" />: <b>" + $(invalidRelList).find('li').length +
+                                            "</b> <small>(<liferay-ui:message key="not.imported" />)</small> " + cpBtn[0].outerHTML + " " +invalidRelList[0].outerHTML + "</div>")
+                                }
+                                if (data.dupComp && data.dupComp.length) {
+                                    compList = $('<ul/>');
+                                    data.dupComp.split('||').forEach(function(comp, index) {
+                                        compList.append('<li>' + comp + '</li>');
+                                    });
+                                    var cpBtn = $(copyBtn).clone();
+                                    $(cpBtn).attr('id', 'copyToClipboard_dc');
+                                    statusDiv.append("<div class='alert alert-warning'><b>" + $(compList).find('li').length +
+                                            "</b> <liferay-ui:message key="components.were.not.imported.because.multiple.duplicate.components.are.found.with.exact.same.name" />: " + copyBtn + " " + compList[0].outerHTML + "</div>")
+                                }
+                                if (data.dupRel && data.dupRel.length) {
+                                    relList = $('<ul/>');
+                                    data.dupRel.split('||').forEach(function(rel, index) {
+                                        relList.append('<li>' + rel + '</li>');
+                                    });
+                                    var cpBtn = $(copyBtn).clone();
+                                    $(cpBtn).attr('id', 'copyToClipboard_dr');
+                                    statusDiv.append("<div class='alert alert-warning'><b>" + $(relList).find('li').length +
+                                            "</b> <liferay-ui:message key="releases.were.not.imported.because.multiple.duplicate.releases.are.found.with.exact.same.name.and.version" />: " + copyBtn + " " + relList[0].outerHTML + "</div>")
+
+                                }
                             }
-                        }).catch(function (err) {
-                            statusDiv.html("<h2>Failed :(</h2>");
-                            statusDiv.append("<div>" + JSON.stringify(err) + "</div>");
+                            uploadButton.hide();
+                            cleanupDuplicateAttachment(attIds);
+                        }).catch(function (error) {
+                            statusDiv.html("<h3><span class='text-danger'><liferay-ui:message key="failed" /> : </span> </h3>");
+                            statusDiv.append("<div>" + JSON.stringify(error) + "</div>");
+                            if (error.message) {
+                            	statusDiv.append("<div>" + error.message + "</div>");
+                            }
+                            spinnerDiv.hide();
                             contentDiv.show();
+                            cleanupDuplicateAttachment(attIds);
                         });
                     });
                     r.on('fileError', function (file) {
-                        console.log("fileError...");
-                        statusDiv.html("<h2>Failed</h2>");
-                        statusDiv.append("<div>with fileError</div>");
+                        statusDiv.html("<h3><span class='text-danger'><liferay-ui:message key="failed" /> : </span> </h3>");
+                        statusDiv.append("<div><liferay-ui:message key="with.file.error" /></div>");
+                        uploadButton.hide();
+                        spinnerDiv.hide();
+                        cleanupDuplicateAttachment(attIds);
+                        $(dialogDivId).find("[data-dismiss='modal']").each(function(index, element) {
+                            $(this).removeAttr('disabled');
+                        });
                     });
                 },
                 function() {
                     // afterShowFn
                 }
             );
-        });
+        }
     });
 </script>
 
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/searchReleases.jsp b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/searchReleases.jsp
index 8cffd46666..2054048e6c 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/searchReleases.jsp
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/searchReleases.jsp
@@ -23,7 +23,7 @@
 
 <div class="dialogs">
 	<div id="searchReleasesDialog" data-title="<liferay-ui:message key="link.releases" />" class="modal fade" tabindex="-1" role="dialog">
-		<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable" role="document">
+		<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable mw-100 w-50" role="document">
 		    <div class="modal-content">
 			<div class="modal-body container">
 
diff --git a/frontend/sw360-portlet/src/main/resources/META-INF/resources/js/utils/includes/clipboard.js b/frontend/sw360-portlet/src/main/resources/META-INF/resources/js/utils/includes/clipboard.js
index 5f58192a06..ab3d1cb629 100644
--- a/frontend/sw360-portlet/src/main/resources/META-INF/resources/js/utils/includes/clipboard.js
+++ b/frontend/sw360-portlet/src/main/resources/META-INF/resources/js/utils/includes/clipboard.js
@@ -10,36 +10,23 @@
  */
 define('utils/includes/clipboard', ['jquery'], function($) {
 
-const toast = '<div class="toast w-25 position-absolute fixed-top"> <div class="toast-header">'+Liferay.Language.get('copied')+'</div></div>';
-const Failedtoast = '<div class="toast w-25 position-absolute fixed-top"> <div class="toast-header">'+Liferay.Language.get('failed')+'</div></div>';
+const toast = '<div class="toast position-absolute d-inline" data-delay="2100"> <div class="toast-header">'+Liferay.Language.get('copied')+'</div></div>';
+const Failedtoast = '<div class="toast position-absolute d-inline" data-delay="2100"> <div class="toast-header">'+Liferay.Language.get('failed')+'</div></div>';
 
-    function copyToClipboard(text, textSelector, alterDefaultDisplay) {
+    function copyToClipboard(text, textSelector) {
         navigator.clipboard.writeText(text)
         .then(() => {
             $(textSelector).append(toast);
-            if(alterDefaultDisplay) {
-                removeWidthClassAndAddInlineDisplay(textSelector);
-            }
-            $('.toast').toast({delay: 2000});
             $('.toast').toast('show');
         })
-        .catch((error) => {
+        .catch(() => {
             $(textSelector).append(Failedtoast);
-            if(removeWidthClassAndAddInlineDisplay) {
-                removeWidthClassAndAddInlineDisplay(textSelector);
-            }
-            $('.toast').toast({delay: 2000});
             $('.toast').toast('show');
         })
 
         setTimeout(function() {
             $(textSelector+" .toast").remove();
-        }, 2000);
-    }
-
-    function removeWidthClassAndAddInlineDisplay(textSelector) {
-        $(textSelector).find("div.toast:first").removeClass("w-25");
-        $(textSelector).find("div.toast-header:first").addClass("d-inline");
+        }, 2200);
     }
 
 	return {
diff --git a/frontend/sw360-portlet/src/main/resources/content/Language.properties b/frontend/sw360-portlet/src/main/resources/content/Language.properties
index 9dc23a8895..3b0b4192f1 100644
--- a/frontend/sw360-portlet/src/main/resources/content/Language.properties
+++ b/frontend/sw360-portlet/src/main/resources/content/Language.properties
@@ -2,6 +2,7 @@ accepted=Accepted
 accept.request=Accept Request
 access=Access
 access.denied=Access Denied
+access.denied.2=ACCESS DENIED
 access.token=Access Token
 access.token.validity=Access Token Validity
 accountant=Accountant
@@ -23,6 +24,7 @@ add.license.info.to.release=Add License Info to Release
 add.user=Add User
 added.project.links=Added Project Links
 added.release.links=Added Release Links
+added.successfully=added successfully
 additional.data=Additional Data
 additional.data.name=additional data name
 additional.data.value=additional data value
@@ -221,6 +223,8 @@ clearing.team.will.confirm.on.the.agreed.clearing.date=Clearing team will confir
 cli.attachment.evaluation.completed=CLI attachment evaluation completed.
 cli.attachment.not.found.in.the.release=CLI attachment not found in the release
 cli.count=CLI count
+click.on.upload.and.import.button=Click on upload & import button
+click.the.url.to.open.project.details.page=Click the URL to open project details page
 click.to.add.oidc.client=Click to add OIDC client
 click.to.add.releases=Click to add Releases
 click.to.add.row.to=Click to add row to
@@ -230,6 +234,7 @@ click.to.add.row.to.external.ids=Click to add row to External Ids
 click.to.add.row.to.external.urls=Click to add row to External URLs
 click.to.add.secondary.department.and.roles=Click to add Secondary Department and Roles
 click.to.edit=Click to edit
+click.to.link.a.release=Click to link a Release
 click.to.set.department=Click to set Department
 click.to.expand.or.collapse=Click to expand or collapse
 click.to.set.licenses=Click to set Licenses
@@ -264,7 +269,10 @@ component.owner=Component Owner
 component.visibility=Component visibility
 components=Components
 components2=component(s)
+components.created=Components created
 components.only=Components only
+components.reused=Components reused
+components.were.not.imported.because.multiple.duplicate.components.are.found.with.exact.same.name=Components were not imported, because multiple duplicate components are found with exact same name
 components.with.releases=Components with releases
 components.with.the.same.identifier.name=Components with the same identifier [name]
 component.type=Component Type
@@ -313,6 +321,8 @@ create.component=Create Component
 created.by=Created by
 created.by.email=Created by (Email)
 created.on=Created on
+created.project.with.id=Created project with id
+created.project.with.name=Created project with name
 created.successfully=created successfully
 create=Create
 create.license=Create License
@@ -339,11 +349,22 @@ current.release=Current Release
 current.release.relationship=Current Release relationship
 current.selection.will.be.overwritten=Current selection will be overwritten!
 current.value=Current Value
+currently.only.cyclonedx.sbom.export.is.supported=Currently only CycloneDX SBOM export is supported
 customer.project=Customer Project
 cve.id=CVE ID
 cve.references=CVE references
 cve.search=CVE Search
 cvs=CVS
+cyclonedx=CycloneDX
+CycloneDxComponentType=Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined.&#10APPLICATION: A software application.&#10CONTAINER: A packaging and/or runtime format, not specific to any particular technology.&#10DEVICE: A hardware device such as a processor, or chip-set.&#10FILE: A computer file.&#10FIRMWARE: A special type of software that provides low-level control over a devices hardware.&#10FRAMEWORK: A software framework. If the library also has key features of a framework, then it should be classified as a framework.&#10LIBRARY: A software library. All third-party and open source reusable components will likely be a library.&#10OPERATING_SYSTEM: A software operating system without regard to deployment model.
+CycloneDxComponentType-APPLICATION=A software application.
+CycloneDxComponentType-CONTAINER=A packaging and/or runtime format, not specific to any particular technology,&#10which isolates software inside the container from software outside of a container through virtualization technology.
+CycloneDxComponentType-DEVICE=A hardware device such as a processor, or chip-set.&#10A hardware device containing firmware should include a component for the physical hardware itself,&#10and another component of type 'firmware' or 'operating-system' (whichever is relevant),&#10describing information about the software running on the device.
+CycloneDxComponentType-FILE=A computer file.
+CycloneDxComponentType-FIRMWARE=A special type of software that provides low-level control over a devices hardware.
+CycloneDxComponentType-FRAMEWORK=A software framework. If the library also has key features of a framework, then it should be classified as a framework.
+CycloneDxComponentType-LIBRARY=A software library. All third-party and open source reusable components will likely be a library.&#10If the library also has key features of a framework, then it should be classified as a framework.&#10If not, or is unknown, then specifying library is recommended.
+CycloneDxComponentType-OPERATING_SYSTEM=A software operating system without regard to deployment model&#10(i.e. installed on physical hardware, virtual machine, image, etc).
 darcs=Darcs
 database.administration=Database Administration
 database.sanitation=Database Sanitation
@@ -365,6 +386,7 @@ delete.component=Delete Component
 deleted.project=Deleted Project
 deleted.project.relationship=Deleted Project Relationship
 deleted.linked.project.enable.svm=Deleted Linked Project Enable SVM
+deleted.successfully=Deleted successfully
 delete.item=Delete Item
 delete.license=Delete License
 delete.license.type=Delete License Type
@@ -432,6 +454,7 @@ do.you.really.want.to.delete.the.license.type.x=Do you really want to delete the
 do.you.really.want.to.delete.the.license.type.y=Do you really want to delete the license type <licenseType>?
 do.you.really.want.to.delete.the.obligation.x=Do you really want to delete the obligation <b data-name="title"></b>
 do.you.really.want.to.delete.the.vendor.x=Do you really want to delete the vendor <b data-name="name"></b>
+do.you.really.want.to.export.sbom.for.the.project.x=Do you really want to export SBOM for the project <b data-name="projectName"></b>?
 do.you.really.want.to.import.all.spdx.all.licenses=Do you really want to import all SPDX all licenses?
 do.you.really.want.to.remove.the.link.to.project.x=Do you really want to remove the link to project <b data-name="project"></b>?
 do.you.really.want.to.remove.the.link.to.release.x=Do you really want to remove the link to release <b data-name="release"></b>?
@@ -439,6 +462,7 @@ do.you.really.want.to.remove.the.link.to.release.x.1=Do you really want to remov
 do.you.really.want.to.remove.this.item=Do you really want to remove this item?
 drop.a.file.here=Drop a File Here
 duplicate=Duplicate
+duplicate.sbom=DUPLICATE SBOM
 dynamically.linked=Dynamically linked
 ecc.admin=ECC Admin
 ecc.assessment.date=ECC Assessment Date
@@ -510,6 +534,7 @@ enter.folder.id=Enter folder id
 enter.fullname=Enter Fullname
 enter.group=Enter Group
 enter.home.url=Enter Home Url
+enter.homepage.url=Enter Homepage Url
 enter.mail.address=Enter mail address
 enter.mailing.list.url=Enter Mailing List Url
 enter.material.index.number=Enter material index number
@@ -524,6 +549,7 @@ enter.owner.billing.group=Enter Owner Billing Group
 enter.owners.accounting.unit=Enter owner's accounting unit
 enter.owners.billing.group=Enter Owner Billing Group
 enter.project=Enter project
+enter.purl=Enter PURL
 enter.release=Enter release
 enter.release.date=Enter Release Date
 enter.request.id=Enter request ID
@@ -547,6 +573,7 @@ enter.user.lastname=Enter user last name
 enter.user.primary.department=Enter user primary department
 enter.user.primary.roles=Enter user primary roles
 enter.user.pwd=Enter user password
+enter.vcs.url=Enter VCS Url
 enter.vendor=Enter vendor
 enter.vendor.fullname=Enter vendor fullname
 enter.vendor.short.name=Enter vendor short name
@@ -606,14 +633,20 @@ failed.to.add.licenses=Failed to add licenses
 failed.to.create.clearing.request=Failed to create clearing request!
 failed.to.delete.the.obligation=Failed to delete the obligation!
 failed.to.edit.secondary.departments.and.roles.for.user=Failed to edit Secondary Departments and Roles for user
+failed.to.export.sbom.for.project=Failed to export SBOM for project
 failed.to.fetch.clearing.request.from.db=Failed to fetch clearing request from database!
+failed.to.import.sbom=Failed to import SBOM
 failed.to.load=Failed to load!
+failed.to.load.sbom.import.status.for.attachment=Failed to load SBOM import status for attachment
 failed.to.load.scanner.findings.with.error=Failed to load Scanner findings with error
 failed.to.load.source.file.with.error=Failed to load source file with error
 failed.to.reopen.clearing.request=Failed to reopen clearing request!
+failed.to.sync.releases=Failed to sync Releases
+failed.to.sync.releases.with.error=Failed to sync Releases with error
 failed.to.update.clearing.request=Failed to update clearing request!
 FAILURE=FAILURE
 field.name=Field Name
+file=File
 file.name=File name
 filename=Filename
 fill.the.form.to.create.clearing.request.for.project.x=Fill the form to create clearing request for project <b data-name="name"></b>
@@ -664,6 +697,7 @@ homepage=Homepage
 homepage.url=Homepage URL
 how.it.works=How it works
 ibm.rational.synergy=IBM Rational Synergy
+include.releases.from.sub.projects.in.exported.sbom=Include releases from sub-projects in exported SBOM
 i.could.not.cleanup.the.attachments=I could not cleanup the attachments!
 i.could.not.delete.the.client=I could not delete the client
 i.could.not.delete.the.component=I could not delete the component
@@ -693,9 +727,12 @@ import=Import
 import.export=Import & Export
 import.failed=Import failed.
 import.projects=Import Projects
-import.spdx.bom=Import SBOM
+import.sbom=Import SBOM
 import.spdx.information=Import SPDX Information
 import.spdx.licenses=Import SPDX licenses
+import.will.fail.if.there.is.already.an.existing.project.with.same.name.and.version.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if there is already an existing project with same name and version as component present in SBOM
+import.will.fail.if.current.project.name.and.version.is.not.same.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if current project name and version is not same as component present in SBOM
+imported.sbom.into.project=imported SBOM into project
 incorrect=Incorrect
 info=Info
 infoempty=Showing 0 to 0 of 0 entries
@@ -704,6 +741,7 @@ in.case.you.need.the.clearing.at.an.earlier.date.then.the.preferred.date.that.is
 in.order.to.go.ahead.please.sign.in.or.create.a.new.account=In order to go ahead, please sign in or create a new account!
 in.progress=In Progress
 in.queue=In Queue
+in.sbom.file=in SBOM file
 inaccessible.component=Restricted component
 inaccessible.count=Other restricted items
 inaccessible.release=Restricted release
@@ -740,6 +778,7 @@ lead.architect=Lead Architect
 learn.more.about.clearing.request.priority=Learn more about clearing request priority.
 learn.more.about.clearing.request.status=Learn more about clearing request status.
 learn.more.about.component.types=Learn more about component types.
+learn.more.about.cyconedx.component.types=Learn more about CycloneDx component types.
 learn.more.about.ecc.statuses=Learn more about ECC statuses.
 learn.more.about.mainline.states=Learn more about mainline states.
 learn.more.about.project.types=Learn more about project types.
@@ -775,15 +814,17 @@ license.x.is.not.unique.license.is.not.excluded='License "' + licenseId + '" is
 license.x.not.found.license.is.not.excluded='License "' + licenseId + '" not found. License is not excluded.'
 lifecycle=Lifecycle
 linked.projects=linked projects
-linked.releases=linked releases
+linked.release=Linked Release
+linked.releases=Linked Releases
 linked.releases.and.projects=Linked Releases And Projects
 link.project=Link Project
 link.projects=Link Projects
-link.releases=Link releases
+link.releases=Link Releases
 link.release.to.project=Link Release to Project
 links=Links
 link.to.project=Link to Project
 link.to.projects=Link to Projects
+list.of.components.without.version.information=List of Components without version information
 list.view=List View
 loading=Loading...
 loading.data.for.step.1.please.wait=Loading data for step 1, please wait...
@@ -876,6 +917,7 @@ no.license.found.with.your.search=No license found with your search.
 no.license.risks.analysis.available=No license risks analysis available.
 no.linked.obligations=No linked obligations.
 no.linked.releases.or.projects=No linked releases or projects
+no.linked.release=No Linked Release
 no.linked.releases.yet=No linked releases yet.
 no.matching.records.found=No matching records found
 no.moderation.requests.found=No moderation requests found.
@@ -898,6 +940,8 @@ none.of.the.directly.linked.releases.are.cleared=None of the directly linked rel
 not.applicable=Not Applicable
 not.available=not available
 not.checked=Not Checked
+not.imported=not imported
+not.linked.to.any.release=not linked to any release
 in.analysis=In Analysis
 not.decided.so.far=Not decided so far
 not.loaded.yet=Not loaded yet
@@ -930,6 +974,7 @@ only.administrators.can.edit.a.closed.project=Only administrators can edit a clo
 only.admin.users.can.delete.obligations=Only admin users can delete obliations!
 only.approved=Only Approved
 only.current.or.future.date.is.considered.as.valid=Only current or future date is considered as valid
+only.user.with.role.x.and.above.have.permission.to.import.or.export.the.sbom=Only user with role: <b>\"+ data.message +\"</b> and above have permission to import or export the SBOM
 open=Open
 open.clearing.requests=Open Clearing Requests
 open.components=Open Components
@@ -938,6 +983,7 @@ operating.systems=Operating Systems
 operation=Operation
 optional=Optional
 or=Or
+or2=or
 org1=org1
 org2=org2
 org3=org3
@@ -1005,12 +1051,16 @@ please.enter.the.title=Please enter the title!
 please.enter.the.user.name=Please enter the user name!
 please.enter.user.key=Please enter user key
 please.enter.valid.access.token.validity=Please enter valid access token validity
+please.enter.valid.name=Please enter valid name!
+please.enter.valid.purl=Please enter valid PURL!
 please.enter.valid.refresh.token.validity=Please enter valid refresh token validity
+please.enter.valid.version=Please enter valid version!
 please.enter.your.external.id=Please enter your external id!
 please.enter.your.first.email=Please enter your first email!
 please.enter.your.first.name=Please enter your first name!
 please.enter.your.last.name=Please enter your last name!
 please.fill.a.z.A.Z.0.9.-...+.only=Please fill [a-z][A-Z][0-9][-.+ ] only!
+please.import.this.sbom.from.project.details.page=Please import this SBOM from project details page
 please.migrate.all.releases.and.keep.the.existing.ones=Please migrate all releases and keep the existing ones!
 please.perform.a.new.search=Please perform a new search.
 please.select.a.file=Please select a file!
@@ -1018,8 +1068,10 @@ please.select.a.group=Please select a group!
 please.select.a.role=Please select a role!
 please.select.the.project.type=Please select the project type!
 please.select.the.project.visibility=Please select the project visibility!
+please.select.the.sbom.format=Please select the SBOM format
 please.select.the.component.visibility=Please select the component visibility!
 please.select.the.server=Please select the server!
+please.upload.the=Please upload the
 prease.enter.a.valid.url=Please enter a valid URL!
 possible.main.license.ids=Possible Main License Ids:
 postpone.request=Postpone Request
@@ -1047,6 +1099,7 @@ project.import.bdp=Project Import (BDP)
 project.mainline.state=Project Mainline State
 project.manager=Project manager
 project.name=Project name
+project.name.and.version.x.present.in.sbom.metadata.tag.is.not.same.as.the.current.sw360.project=Project name (version): <b>\"+ data.projectName +\"</b> present in SBOM <span class='font-weight-bold text-monospace text-danger'>metadata</span> tag is not same as the current SW360 project
 project.name.first.letters=Project Name (first letters)
 project.namelinks=Project NameLinks
 project.obligation.status=Project Obligation Status
@@ -1078,6 +1131,8 @@ proposed.changes=Proposed Changes
 proposed.user.attributes=Proposed User Attributes
 ptc.integrity=PTC Integrity
 publish.date=Publish Date
+purl=Purl
+purl.package.url=PURL (Package URL)
 quality.manager=Quality manager
 quick.filter=Quick Filter
 rate=Rate
@@ -1088,6 +1143,7 @@ read.and.write.access=Read and Write Access
 recent.components=Recent Components
 recent.releases=Recent Releases
 re.check.connection=Re-Check connection
+redirecting.to.project.details.page=redirecting to project details page
 references=References
 reference.doc=Reference Doc
 refresh=Refresh
@@ -1097,6 +1153,8 @@ related=Related
 relation=Relation
 release=Release
 releases=Releases
+releases.created=Releases created
+releases.reused=Releases reused
 release.aggregate.data=Release Aggregate Data
 release.bulk.edit=Release Bulk Edit
 release.clearing.state=Release clearing state
@@ -1106,12 +1164,16 @@ release.date.of.this.release=Release Date of this Release
 release.filter=Release Filter
 release.mainline.state=Release Mainline State
 release.name=Release name
+release.name.with.version=Release Name (version)
 release.namelinks=Release NameLinks
 release.namesource.attachments.count=Release NameSource Attachments Count
 release.overview=Release Overview
 release.path=Release Path
 release.relation=Release relation
 release.relationship=Release relationship
+releases.synced.successfully.please.reload.the.page.to.see.the.changes=Releases synced successfully, Please <a href="javascript:window.location.reload(true)">reload</a> the page to see the changes
+releases.are.already.in.sync.no.action.needed=Releases are already in sync! No action needed
+releases.were.not.imported.because.multiple.duplicate.releases.are.found.with.exact.same.name.and.version=Releases were not imported, because multiple duplicate releases are found with exact same name & version
 ReleaseRelationship="Unkown: If you just do not know &#10Contained: If you just do not know whether it is dynamically linked &#10Refered: Referencing a stand alone used other part &#10Dynamically Linked: Software dynamically linked - as the name says &#10Statically linked: Software statically linked - as the name says &#10Side by side: Not decided so far &#10Standalone: Software is given as standalone delivery, ie. not technically connected &#10Internal Use: Used for creating or building or ? the product or projects but not delivered &#10Optional: Is not mandatory part of the installation &#10To be replaced: Is there but should be moved out &#10Code Snippet: From references release, a fragment is used.";
 ReleaseRelationship-CONTAINED=If you just do not know whether it is dynamically linked.
 ReleaseRelationship-DYNAMICALLY_LINKED=Software dynamically linked - as the name says.
@@ -1183,6 +1245,15 @@ save.configuration=Save configuration
 saved.attachment.usages=Saved attachment usages.
 save.obligations=Save Obligations
 save.usages=Save Usages
+sbom=SBOM
+sbom.document=SBOM document
+sbom.exported.successfully=SBOM exported successfully
+sbom.failed.sanity.check=SBOM FAILED SANITY CHECK
+sbom.format=SBOM format
+sbom.import.failed=SBOM Import Failed
+sbom.import.status=SBOM Import Status
+sbom.import.statistics.for=SBOM Import Statistics for
+sbom.imported.successfully=SBOM imported successfully
 scanned=Scanned
 scan.available=Scan available
 scan.the.sources=Scan the sources
@@ -1269,6 +1340,7 @@ source.file.information.not.found.in.cli=Source file information not found in CL
 source.file.information.not.found.in.isr=Source file information not found in ISR
 source.release=Source release: 
 source.vendor=Source vendor
+spdx=SPDX
 spdx.attachments=SPDX Attachments
 special.risk.open.source.software=Special risk Open Source Software
 special.risks.3rd.party.software=Special risks 3rd party software
@@ -1303,11 +1375,13 @@ sw360.admin=SW360 Admin
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect=SW360 is an open source software project that provides both a web application and a repository to collect,
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect.organize.and.make.available.information.about.software.components.it.establishes.a.central.hub.for.software.components.in.an.organization=SW360 is an open source software project that provides both a web application and a repository to collect, organize and make available information about software components. It establishes a central hub for software components in an organization.
 sw360.user=SW360 User
+sync=Sync
 system.test.begin=System test begin
 system.test.begin.date.yyyy.mm.dd=System test begin date YYYY-MM-DD
 system.test.end=System test end
 system.test.end.date.yyyy.mm.dd=System test end date YYYY-MM-DD
 tag=Tag
+tag2=tag
 target.component=Target component
 target.release=Target release: 
 target.vendor=Target vendor:
@@ -1342,6 +1416,7 @@ the.user.x.will.be.added.to.the.list.of.moderators="The user <b class='user'>" +
 the.verification.of.vulnerabilities.will.be=The verification of <strong data-name="vulnerabilityCount"></strong> vulnerabilities will be changed to <strong data-name="verification"></strong>.
 this.component.x.contains=This component <b data-name="name"></b> contains:
 this.component.x.contains.y.attachments=This component <span data-name="name"></span> contains <b><span data-name="attachments"></span></b> attachments.
+this.currently.only.supports.spdx.rdf.xml.files.with.a.unique.described.top.level.node=This currently only supports SPDX RDF/XML files with a unique described top level node
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.that.the.following.vendors.could.not.be.merged=This error can lead to inconsistencies in the database. Please inform the administrator that the following vendors could not be merged:
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.with.the.following.information=This error can lead to inconsistencies in the database. Please inform the administrator with the following information:
 this.function.is.meant.to.be.followed.by.a.new.license.import=This function is meant to be followed by a new license import.
@@ -1353,12 +1428,16 @@ this.project.contains=This project  contains
 this.project.x.contains=This project <b data-name="name"></b> contains:
 this.release.x.contains=This release <b data-name="name"></b> contains:
 this.release.x.contains.1=This release <span data-name="name"></span> contains
+time.taken.for.export=Time taken for export
+time.taken.for.import=Time taken for import
 title=Title
 to=To
 to.be.replaced=To be replaced
 to.view.the.files.corresponding.to.each.licenses.go.to.clearing.details.tab.of.respective.release=To view the files corresponding to each licenses, go to "Clearing Details" tab of respective Release.
 today=Today
+total.components=Total Components
 total.number.of.files=Total number of files
+total.releases=Total Releases
 enable.svm=Enable SVM
 obligation=Obligation
 obligation.details=Obligation Details
@@ -1397,6 +1476,7 @@ update.vendor=Update Vendor
 update.whitelist=Update Whitelist
 updating.the.moderation.request.failed=Updating the moderation request failed.
 upload=Upload
+upload.and.import=Upload & Import
 upload.attachment=Upload Attachment
 upload.component.attachments=Upload Component Attachments
 upload.component.csv=Upload Component CSV
@@ -1406,8 +1486,10 @@ uploaded.on=Uploaded On
 upload.license.archive=Upload License Archive
 upload.licenses=Upload Licenses
 upload.release.links=Upload Release Links
+upload.successful.importing.of.sbom.is.in.progress=Upload successful, Importing of SBOM is in progress
 upload.the.sources.to.fossology=Upload the sources to FOSSology
 upload.users=Upload Users
+uploading.sbom.file=Uploading SBOM file
 url=URL
 usage.overview=Usage overview
 usage.right.available=Usage Right Available
@@ -1428,6 +1510,8 @@ users.already.in.couchdb=Users already in Couch DB
 users.not.in.couchdb=Users not in Couch DB
 use.selection.of.this.subproject=Use selection of this subproject
 valid.for.projects=Valid for Projects
+vcs=VCS
+vcs.version.control.system=VCS (Version Control System)
 vender=Vender
 vendor=Vendor
 vendor.advisories=Vendor advisories
@@ -1442,12 +1526,14 @@ VerificationState-INCORRECT=It was decided that the verification should be rejec
 VerificationState-NOT_CHECKED=No one has yet looked at this and verified it.
 version=Version
 very.large=Very Large
+via.purl=via PURL
 view.clearing.request=View Clearing Request
 view.clearing.request.failure.message=We are not able to find the clearing request [ID: <b data-name="crId"></b>] in db for the project <b data-name="projectName"></b><br>Try again later.
 view.by.releases=View by Releases
 view.change.logs=View Change Logs
 view.file.list=View file list
 view.obligations=View Obligations
+view.sbom.import.result=View SBOM import result
 view.scanner.findings.license=View scanner findings (License)
 visibility=Visibility
 Visibility=Private: Only visible by creator (and admin which applies to all visibility levels) &#10Me and Moderators: Visible by creator and moderators &#10Group and Moderators: All users of the same group and the moderators &#10Everyone: Every user who is logged into the system
@@ -1475,12 +1561,14 @@ whitesource.organization.api.key=Whitesource organization API key
 whitesource.user.key=Whitesource user key
 with.attachments=With Attachments
 with.cli.attachments=With CLI Attachments
+with.file.error=with fileError
 without.attachments=Without Attachments
 without.source.attachments=Without Source Attachments
 wiki=Wiki
 wiki.url=Wiki URL
 will.be.fulfilled.before.release=Will be fulfilled before release
 will.be.set.automatically=Will be set automatically
+will.not.be.created.if.it.does.not.contain=will not be created if it does not contain
 write.access=Write Access
 wsimport=wsimport
 x.rows.selected=%d rows selected
@@ -1491,6 +1579,7 @@ you.are.removed.from.the.list.of.moderators.for.the.previous.moderation.request=
 you.are.signed.in.please.go.ahead.using.sw360=You are signed in, please go ahead using SW360!
 you.are.the.last.moderator.for.this.request.you.are.not.allowed.to.unsubscribe=You are the last moderator for this request - you are not allowed to unsubscribe.
 you.do.not.have.any.open.moderation.requests=You do not have any open moderation requests.
+you.do.not.have.permission.to.import.or.export.the.sbom=You do not have permission to import or export the SBOM
 you.do.not.own.any.components=You do not own any components.
 you.do.not.own.any.projects=You do not own any projects.
 you.have.accepted.the.previous.moderation.request=You have accepted the previous moderation request.
@@ -1729,3 +1818,12 @@ cve.number.must.be.positive.number = Cve Number Must Be Positive Number
 ## Refer to http://cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/ and add your datatables language
 
 datatables.lang=https://cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/English.json
+
+## CycloneDX Component Type
+application=Application
+container=Container
+device=Device
+firmware=Firmware
+framework=Framework
+library=Library
+operating.system=Operating System
diff --git a/frontend/sw360-portlet/src/main/resources/content/Language_ja.properties b/frontend/sw360-portlet/src/main/resources/content/Language_ja.properties
index fc14637ca3..fd3a45be8d 100644
--- a/frontend/sw360-portlet/src/main/resources/content/Language_ja.properties
+++ b/frontend/sw360-portlet/src/main/resources/content/Language_ja.properties
@@ -2,6 +2,7 @@ accepted=承認
 accept.request=アクセスリクエスト
 access=アクセス
 access.denied=アクセス拒否
+access.denied.2=ACCESS DENIED
 access.token=アクセストークン
 access.token.validity=アクセストークンの有効期間
 accountant=会計士
@@ -22,6 +23,7 @@ add.data.to.this.release=このリリースにデータを追加
 add.license.info.to.release=ライセンス情報をリリースに追加
 added.project.links=プロジェクトのリンク追加
 added.release.links=リリースのリンク追加
+added.successfully=added successfully
 additional.data=追加データ
 additional.data.name=追加データ名
 additional.data.value=付加データ値
@@ -221,6 +223,8 @@ clearing.team.will.confirm.on.the.agreed.clearing.date=クリアリングチー
 cli.attachment.evaluation.completed=CLI attachment evaluation completed.
 cli.attachment.not.found.in.the.release=CLI attachment not found in the release
 cli.count=CLI count
+click.on.upload.and.import.button=Click on upload & import button
+click.the.url.to.open.project.details.page=Click the URL to open project details page
 click.to.add.oidc.client=Click to add OIDC client
 click.to.add.releases=クリックしてリリースを追加
 click.to.add.row.to=クリックして行を追加
@@ -230,6 +234,7 @@ click.to.add.row.to.external.ids=クリックして外部ID追加
 click.to.add.row.to.external.urls=クリックして外部URLの行を追加
 click.to.add.secondary.department.and.roles=クリックして第二所属部門とロールを追加
 click.to.edit=クリックして編集
+click.to.link.a.release=Click to link a Release
 click.to.set.department=クリックして部門を設定
 click.to.expand.or.collapse=Click to expand or collapse
 click.to.set.licenses=クリックしてライセンスを設定
@@ -264,7 +269,10 @@ component.owner=コンポーネントオーナー
 component.visibility=コンポーネントの可視性
 components=コンポーネント
 components2=コンポーネント
+components.created=Components created
 components.only=コンポーネントのみ
+components.reused=Components reused
+components.were.not.imported.because.multiple.duplicate.components.are.found.with.exact.same.name=Components were not imported, because multiple duplicate components are found with exact same name
 components.with.releases=リリースされたコンポーネント
 components.with.the.same.identifier.name=同じ識別子[名前]を持つコンポーネント
 component.type=コンポーネントタイプ
@@ -313,6 +321,8 @@ create.component=コンポーネントの作成
 created.by=作成者
 created.by.email=Created by (Email)
 created.on=作成日
+created.project.with.id=Created project with id
+created.project.with.name=Created project with name
 created.successfully=作成成功
 create=作成
 create.license=ライセンスの作成
@@ -339,11 +349,22 @@ current.release=現在のリリース
 current.release.relationship=現在のリリース関係
 current.selection.will.be.overwritten=現在の選択範囲が上書きされます
 current.value=現在の値
+currently.only.cyclonedx.sbom.export.is.supported=Currently only CycloneDX SBOM export is supported
 customer.project=顧客プロジェクト
 cve.id=CVE ID
 cve.references=CVE リファレンス
 cve.search=CVE検索
 cvs=cvs
+cyclonedx=CycloneDX
+CycloneDxComponentType=Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined.&#10APPLICATION: A software application.&#10CONTAINER: A packaging and/or runtime format, not specific to any particular technology.&#10DEVICE: A hardware device such as a processor, or chip-set.&#10FILE: A computer file.&#10FIRMWARE: A special type of software that provides low-level control over a devices hardware.&#10FRAMEWORK: A software framework. If the library also has key features of a framework, then it should be classified as a framework.&#10LIBRARY: A software library. All third-party and open source reusable components will likely be a library.&#10OPERATING_SYSTEM: A software operating system without regard to deployment model.
+CycloneDxComponentType-APPLICATION=A software application.
+CycloneDxComponentType-CONTAINER=A packaging and/or runtime format, not specific to any particular technology,&#10which isolates software inside the container from software outside of a container through virtualization technology.
+CycloneDxComponentType-DEVICE=A hardware device such as a processor, or chip-set.&#10A hardware device containing firmware should include a component for the physical hardware itself,&#10and another component of type 'firmware' or 'operating-system' (whichever is relevant),&#10describing information about the software running on the device.
+CycloneDxComponentType-FILE=A computer file.
+CycloneDxComponentType-FIRMWARE=A special type of software that provides low-level control over a devices hardware.
+CycloneDxComponentType-FRAMEWORK=A software framework. If the library also has key features of a framework, then it should be classified as a framework.
+CycloneDxComponentType-LIBRARY=A software library. All third-party and open source reusable components will likely be a library.&#10If the library also has key features of a framework, then it should be classified as a framework.&#10If not, or is unknown, then specifying library is recommended.
+CycloneDxComponentType-OPERATING_SYSTEM=A software operating system without regard to deployment model&#10(i.e. installed on physical hardware, virtual machine, image, etc).
 darcs=Darcs
 database.administration=データベース管理
 database.sanitation=データベース状態
@@ -365,6 +386,7 @@ delete.component=コンポーネント削除
 deleted.linked.project.enable.svm=プロジェクトにリンクされているSVM(Security Vulnerability Monitor)を削除
 deleted.project=プロジェクト削除
 deleted.project.relationship=関連プロジェクト削除
+deleted.successfully=Deleted successfully
 delete.item=項目削除
 delete.license=ライセンス削除
 delete.license.type=ライセンスタイプ削除
@@ -432,6 +454,7 @@ do.you.really.want.to.delete.the.project.x=プロジェクト <b data-name="name
 do.you.really.want.to.delete.the.release.x=本当にリリース <b data-name="name"> を削除しますか？
 do.you.really.want.to.delete.the.todo.x=本当にtodo <b data-name="title"></b> を削除しますか？
 do.you.really.want.to.delete.the.vendor.x=本当にベンダー<b data-name="name"></b> を削除しますか？
+do.you.really.want.to.export.sbom.for.the.project.x=Do you really want to export SBOM for the project <b data-name="projectName"></b>?
 do.you.really.want.to.import.all.spdx.all.licenses=あなたは本当にすべてのSPDXのすべてのライセンスをインポートしますか？
 do.you.really.want.to.remove.the.link.to.project.x=あなたは本当にプロジェクトへのリンクを削除しますか <b data-name="project"></b>?
 do.you.really.want.to.remove.the.link.to.release.x=本当にリリースへのリンクを削除したいのでしょうか <b data-name="release"></b> ？
@@ -439,6 +462,7 @@ do.you.really.want.to.remove.the.link.to.release.x.1=本当にリリースへの
 do.you.really.want.to.remove.this.item=本当にこのアイテムを削除しますか？
 drop.a.file.here=ここにファイルをドロップ
 duplicate=複製
+duplicate.sbom=DUPLICATE SBOM
 dynamically.linked=動的にリンクされている
 ecc.admin=ECC情報管理者
 ecc.assessment.date=ECC評価日
@@ -509,6 +533,7 @@ enter.folder.id=フォルダIDを入力
 enter.fullname=フルネームを入力
 enter.group=グループを入力
 enter.home.url=ホームURLを入力
+enter.homepage.url=Enter Homepage Url
 enter.mail.address=メールアドレスを入力
 enter.mailing.list.url=メーリングリストのURLを入力
 enter.material.index.number=部品指標番号(Material index number)を入力
@@ -524,6 +549,7 @@ enter.owners.accounting.unit=所有者の会計単位を入力
 enter.owners.billing.group=会計グループオーナーを入力
 enter.project=プロジェクトを入力
 enter.refresh.token.validity=リフレッシュトークンの有効期間を入力
+enter.purl=Enter PURL
 enter.release=リリースを入力
 enter.release.date=リリース日を入力
 enter.request.id=リクエストIDを入力
@@ -546,6 +572,7 @@ enter.user.lastname=last nameを入力
 enter.user.primary.department=ユーザの第一所属部門を入力
 enter.user.primary.roles=ユーザの第一所属部門でのロールを入力
 enter.user.pwd=ユーザのパスワードを入力
+enter.vcs.url=Enter VCS Url
 enter.vendor=ベンダーを入力
 enter.vendor.fullname=ベンダーのフルネームを入力
 enter.vendor.short.name=ベンダーの略称を入力
@@ -605,14 +632,20 @@ failed.to.add.licenses=ライセンス追加失敗！
 failed.to.create.clearing.request=クリアリングリクエスト作成失敗!
 failed.to.delete.the.obligation=オブリゲーション削除失敗!
 failed.to.edit.secondary.departments.and.roles.for.user=第2所属部門とロールの編集失敗!
+failed.to.export.sbom.for.project=Failed to export SBOM for project
 failed.to.fetch.clearing.request.from.db=データベースからクリアリングリクエスト取得失敗!
+failed.to.import.sbom=Failed to import SBOM
 failed.to.load=ロード失敗!
+failed.to.load.sbom.import.status.for.attachment=Failed to load SBOM import status for attachment
 failed.to.load.scanner.findings.with.error=Failed to load Scanner findings with error
 failed.to.load.source.file.with.error=エラーによりソースファイルのロードに失敗しました．
 failed.to.reopen.clearing.request=クリアリングリクエストを再び開くのに失敗しました！
+failed.to.sync.releases=Failed to sync Releases
+failed.to.sync.releases.with.error=Failed to sync Releases with error
 failed.to.update.clearing.request=クリアリングリクエストを更新するのに失敗しました！
 FAILURE=失敗
 field.name=フィールド名
+file=File
 file.name=ファイル名
 filename=ファイル名
 fill.the.form.to.create.clearing.request.for.project.x=プロジェクトに対し，クリアリングリクエスト入力 <b data-name="name"></b>
@@ -663,6 +696,7 @@ homepage=ホームページ
 homepage.url=ホームページURL
 how.it.works=どのように動作するか
 ibm.rational.synergy=IBM Rational Synergy
+include.releases.from.sub.projects.in.exported.sbom=Include releases from sub-projects in exported SBOM
 i.could.not.cleanup.the.attachments=添付ファイルのクリーンアップができませんでした！
 i.could.not.delete.the.client=クライアントの削除ができませんでした
 i.could.not.delete.the.component=コンポーネントの削除ができませんでした
@@ -692,9 +726,12 @@ import=インポート
 import.export=インポート& エクスポート
 import.failed=インポートに失敗しました。
 import.projects=プロジェクトのインポート
-import.spdx.bom=SBOMのインポート
+import.sbom=SBOMのインポート
 import.spdx.information=SPDX情報のインポート
 import.spdx.licenses=SPDXライセンスのインポート
+import.will.fail.if.there.is.already.an.existing.project.with.same.name.and.version.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if there is already an existing project with same name and version as component present in SBOM
+import.will.fail.if.current.project.name.and.version.is.not.same.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if current project name and version is not same as component present in SBOM
+imported.sbom.into.project=imported SBOM into project
 incorrect=間違い
 info=Info
 infoempty=0件中0件から0件を表示
@@ -703,6 +740,7 @@ in.case.you.need.the.clearing.at.an.earlier.date.then.the.preferred.date.that.is
 in.order.to.go.ahead.please.sign.in.or.create.a.new.account=先に進むためには、サインインするか、新しいアカウントを作成してください
 in.progress=In Progress
 in.queue=待機中
+in.sbom.file=in SBOM file
 inaccessible.component=権限の無いコンポーネント
 inaccessible.count=その他 権限の無いアイテム
 inaccessible.release=権限の無いリリース
@@ -739,6 +777,7 @@ lead.architect=リードアーキテクト
 learn.more.about.clearing.request.priority=クリアリングリクエストの優先順序についてはこちらをご覧ください。
 learn.more.about.clearing.request.status=クリアリングリクエストの種類については、こちらをご覧ください。
 learn.more.about.component.types=コンポーネントの種類については、こちらをご覧ください。
+learn.more.about.cyconedx.component.types=Learn more about CycloneDx component types.
 learn.more.about.ecc.statuses=ECCのステータスについては、こちらを参照してください。
 learn.more.about.mainline.states=メインラインの状態については、こちらを参照してください。
 learn.more.about.project.types=プロジェクトの種類の詳細はこちら。
@@ -774,6 +813,7 @@ license.x.is.not.unique.license.is.not.excluded='ライセンス "' + licenseId
 license.x.not.found.license.is.not.excluded='ライセンス "' + licenseId + '" が見つかりません。ライセンスは除外されません。'
 lifecycle=ライフサイクル
 linked.projects=リンクされたプロジェクト
+linked.release=Linked Release
 linked.releases=リンクされたリリース
 linked.releases.and.projects=リンクされたリリースとプロジェクト
 link.project=リンクプロジェクト
@@ -783,6 +823,7 @@ link.release.to.project=プロジェクトへのリリース情報のリンク
 links=リンク
 link.to.project=プロジェクトへのリンク
 link.to.projects=プロジェクトへのリンク
+list.of.components.without.version.information=List of Components without version information
 list.view=リストビュー
 loading=読み込み中...
 loading.data.for.step.1.please.wait=ステップ1のデータを読み込み中です。少々お待ちください...
@@ -875,6 +916,7 @@ no.license.found.with.your.search=検索でライセンスが見つかりませ
 no.license.risks.analysis.available=利用可能なライセンスのリスク分析はありません。
 no.linked.obligations=リンクされたオブリゲーションはありません。
 no.linked.releases.or.projects=リンクされたリリースやプロジェクトはありません。
+no.linked.release=No Linked Release
 no.linked.releases.yet=リンクされたリリースはまだありません。
 no.matching.records.found=該当するレコードは見つかりませんでした
 no.moderation.requests.found=モデレーションの要求は見つかりませんでした。
@@ -897,6 +939,8 @@ none.of.the.directly.linked.releases.are.cleared=直接リンクされたリリ
 not.applicable=適用不可
 not.available=利用できない
 not.checked=未チェック
+not.imported=not imported
+not.linked.to.any.release=not linked to any release
 in.analysis=分析中
 not.decided.so.far=今のところ未定
 not.loaded.yet=まだロードされていない
@@ -937,6 +981,7 @@ operating.systems=オペレーティングシステム
 operation=操作
 optional=オプション
 or=または
+or2=or
 org1=組織1
 org2=組織2
 org3=組織3
@@ -1004,12 +1049,16 @@ please.enter.the.server.url=サーバーのURLを入力してください
 please.enter.the.user.name=ユーザー名を入力してください
 please.enter.user.key=ユーザーキーを入力してください
 please.enter.valid.access.token.validity=適切なアクセストークン有効期間を入力してください.
+please.enter.valid.name=Please enter valid name!
+please.enter.valid.purl=Please enter valid PURL!
 please.enter.valid.refresh.token.validity=適切なリフレッシュトークン有効期間を入力してください.」
+please.enter.valid.version=Please enter valid version!
 please.enter.your.external.id=外部IDを入力してください
 please.enter.your.first.email=最初のメールアドレスを入力してください
 please.enter.your.first.name=名前を入力してください
 please.enter.your.last.name=名字を入力してください
 please.fill.a.z.A.Z.0.9.-...+.only= [a-z][A-Z][0-9][-.+ ] だけ利用できます!
+please.import.this.sbom.from.project.details.page=Please import this SBOM from project details page
 please.migrate.all.releases.and.keep.the.existing.ones=すべてのリリースを移行して、既存のリリースを維持してください
 please.perform.a.new.search=新しい検索を実行してください。
 please.select.a.file=ファイルを選択してください
@@ -1017,8 +1066,10 @@ please.select.a.group=グループを選択してください
 please.select.a.role=ロールを選択してください
 please.select.the.project.type=プロジェクトの種類を選択してください
 please.select.the.project.visibility=プロジェクトの可視性を選択してください
+please.select.the.sbom.format=Please select the SBOM format
 please.select.the.component.visibility=コンポーネントの可視性を選択してください
 please.select.the.server=サーバーを選択してください
+please.upload.the=Please upload the
 prease.enter.a.valid.url=適切なURLを入力してください
 possible.main.license.ids=Possible Main License Ids:
 postpone.request=リクエスト延期
@@ -1046,6 +1097,7 @@ project.import.bdp=プロジェクトインポート(BDP)
 project.mainline.state=プロジェクト メインライン状態
 project.manager=プロジェクトマネージャー
 project.name=プロジェクト名
+project.name.and.version.x.present.in.sbom.metadata.tag.is.not.same.as.the.current.sw360.project=Project name (version): <b>\"+ data.projectName +\"</b> present in SBOM <span class='font-weight-bold text-monospace text-danger'>metadata</span> tag is not same as the current SW360 project
 project.name.first.letters=プロジェクト名の最初の文字
 project.namelinks=プロジェクト名リンク
 project.obligation.status=プロジェクトのオブリゲーション状況
@@ -1077,6 +1129,8 @@ proposed.changes=提案された変更点
 proposed.user.attributes=提案されたユーザー属性
 ptc.integrity=PTC Integrity
 publish.date=発行日
+purl=Purl
+purl.package.url=PURL (Package URL)
 quality.manager=品質管理者
 quick.filter=クイックフィルター
 rate=レート
@@ -1087,6 +1141,7 @@ read.and.write.access=Read and Write Access
 recent.components=最近の成分
 recent.releases=最近のリリース
 re.check.connection=接続の再確認
+redirecting.to.project.details.page=redirecting to project details page
 references=参考
 reference.doc=参考ドキュメント
 refresh=リフレッシュ
@@ -1096,6 +1151,8 @@ related=関連する
 relation=関係
 release=リリース
 releases=リリース
+releases.created=Releases created
+releases.reused=Releases reused
 release.aggregate.data=集計データのリリース
 release.bulk.edit=リリース一括編集
 release.clearing.state=解除クリア状態
@@ -1105,12 +1162,16 @@ release.date.of.this.release=本リリースの公開日
 release.filter=リリースフィルタ
 release.mainline.state=リリースメインライン状態
 release.name=リリース名
+release.name.with.version=Release Name (version)
 release.namelinks=リリース名リンク
 release.namesource.attachments.count=リリース名ソース添付ファイル数
 release.overview=リリース概要
 release.path=リリース パス
 release.relation=リリース関係
 release.relationship=リリース関係
+releases.synced.successfully.please.reload.the.page.to.see.the.changes=Releases synced successfully, Please <a href="javascript:window.location.reload(true)">reload</a> the page to see the changes
+releases.are.already.in.sync.no.action.needed=Releases are already in sync! No action needed
+releases.were.not.imported.because.multiple.duplicate.releases.are.found.with.exact.same.name.and.version=Releases were not imported, because multiple duplicate releases are found with exact same name & version
 ReleaseRelationship="Unkown: 不明、わからない &#10Contained: 動的リンクか不明 &#10Refered: 他部品を採用した独立したバイナリへの参照 &#10Dynamically Linked: 動的リンク &#10Statically linked: 静的リンク &#10Side by side: 決められない &#10Standalone: 独立したバイナリ &#10Internal Use: 作成またはビルドした製品またはプロジェクトだが、配布はしない &#10Optional: インストールに必要な部分ではない &#10To be replaced: 存在するが除外する予定がある &#10Code Snippet: 参照。断片だけが使用されている";
 ReleaseRelationship-CONTAINED=あなたはそれが動的にリンクされているかどうかだけではわからない場合。
 ReleaseRelationship-DYNAMICALLY_LINKED=ソフトウェアは、動的にリンクされている - 名前が言うように。
@@ -1182,6 +1243,15 @@ save.configuration=設定の保存
 saved.attachment.usages=保存されたアタッチメントの用途
 save.obligations=オブリゲーションの保存
 save.usages=使用方法を保存する
+sbom=SBOM
+sbom.document=SBOM document
+sbom.format=SBOM format
+sbom.failed.sanity.check=SBOM FAILED SANITY CHECK
+sbom.exported.successfully=SBOM exported successfully
+sbom.import.failed=SBOM Import Failed
+sbom.import.status=SBOM Import Status
+sbom.import.statistics.for=SBOM Import Statistics for
+sbom.imported.successfully=SBOM imported successfully
 scanned=スキャンされた
 scan.available=Scan available
 scan.the.sources=ソースをスキャン
@@ -1268,6 +1338,7 @@ source.file.information.not.found.in.cli=ソースファイル情報がCLIの中
 source.file.information.not.found.in.isr=Source file information not found in ISR
 source.release=ソースリリース。
 source.vendor=ソースベンダ
+spdx=SPDX
 spdx.attachments=SPDXアタッチメント
 special.risk.open.source.software=特別なリスク オープンソースソフトウェア
 special.risks.3rd.party.software=特別なリスク サードパーティソフトウェア
@@ -1302,11 +1373,13 @@ sw360.admin=SW360 管理者
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect=SW360は、ウェブアプリケーションとリポジトリの両方を提供するオープンソース・ソフトウェア・プロジェクトです。
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect.organize.and.make.available.information.about.software.components.it.establishes.a.central.hub.for.software.components.in.an.organization=SW360は、ソフトウェアコンポーネントに関する情報を収集、整理、利用可能にするためのウェブアプリケーションとリポジトリの両方を提供するオープンソースのソフトウェアプロジェクトです。SW360は、組織内のソフトウェアコンポーネントの一元化を行います。
 sw360.user=SW360ユーザー
+sync=Sync
 system.test.begin=システムテスト開始
 system.test.begin.date.yyyy.mm.dd=システムテスト開始日 YYYYY-MM-DD
 system.test.end=システムテスト終了
 system.test.end.date.yyyy.mm.dd=システムテスト終了日 YYYYY-MM-DD
 tag=タグ
+tag2=tag
 target.component=対象コンポーネント
 target.release=対象リリース
 target.vendor=対象のベンダー
@@ -1341,6 +1414,7 @@ the.user.x.will.be.added.to.the.list.of.moderators="このユーザー <b class=
 the.verification.of.vulnerabilities.will.be=<strong data-name="vulnerabilityCount"></strong> 件の脆弱性の検証を変更: <strong data-name="verification"></strong>.
 this.component.x.contains=このコンポーネント <<b data-name="name"></b> 
 this.component.x.contains.y.attachments=このコンポーネント <span data-name
+this.currently.only.supports.spdx.rdf.xml.files.with.a.unique.described.top.level.node=This currently only supports SPDX RDF/XML files with a unique described top level node
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.that.the.following.vendors.could.not.be.merged=このエラーは、データベースの不整合につながる可能性があります。次のベンダーをマージできませんでしたので、管理者にお知らせください。
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.with.the.following.information=このエラーにより、データベースの不整合が発生する可能性があります。管理者に以下の情報をお知らせください。
 this.function.is.meant.to.be.followed.by.a.new.license.import=この機能は、新しいライセンスのインポートに続くことを意図しています。
@@ -1352,12 +1426,16 @@ this.project.contains=このプロジェクトには以下のものが含まれ
 this.project.x.contains=このプロジェクト<b data-name="name"></b> 
 this.release.x.contains=今回のリリース <b data-name="name"></b> 
 this.release.x.contains.1=今回のリリース  <span data-name="name"></span> 
+time.taken.for.export=Time taken for export
+time.taken.for.import=Time taken for import
 title=タイトル
 to=To
 to.be.replaced=置き換わる
 to.view.the.files.corresponding.to.each.licenses.go.to.clearing.details.tab.of.respective.release=To view the files corresponding to each licenses, go to "Clearing Details" tab of respective Release.
 today=本日
+total.components=Total Components
 total.number.of.files=Total number of files
+total.releases=Total Releases
 enable.svm= SVM(Security Vulnerability Monitor)を有効
 obligation=オブリゲーション
 obligation.details=オブリゲーション詳細
@@ -1396,6 +1474,7 @@ update.vendor=ベンダー更新
 update.whitelist=ホワイトリストの更新
 updating.the.moderation.request.failed=モデレーションリクエストの更新に失敗しました。
 upload=アップロード
+upload.and.import=Upload & Import
 upload.attachment=添付ファイルアップロード
 upload.component.attachments=コンポーネントの添付ファイルアップロード
 upload.component.csv=コンポーネントCSVアップロード
@@ -1405,8 +1484,10 @@ uploaded.on=Uploaded On
 upload.license.archive=ライセンスアーカイブのアップロード
 upload.licenses=ライセンスのアップロード
 upload.release.links=リリースリンクのアップロード
+upload.successful.importing.of.sbom.is.in.progress=Upload successful, Importing of SBOM is in progress
 upload.the.sources.to.fossology=ソースをFOSSologyにアップロード
 upload.users=ユーザをアップロードする
+uploading.sbom.file=Uploading SBOM file
 url=URL
 usage.overview=使用の概要
 usage.right.available=利用権あり
@@ -1427,6 +1508,8 @@ users.already.in.couchdb=Couch DBに既にいるユーザ
 users.not.in.couchdb=Couch DBにいないユーザ
 use.selection.of.this.subproject=このサブプロジェクトの選択を使用
 valid.for.projects=プロジェクトに有効
+vcs=VCS
+vcs.version.control.system=VCS (Version Control System)
 vender=ベンダー
 vendor=ベンダー
 vendor.advisories=ベンダーアドバイザリー
@@ -1441,12 +1524,14 @@ VerificationState-INCORRECT=検証を拒否することが決定されました
 VerificationState-NOT_CHECKED=まだ誰もこれを見て検証していない。
 version=バージョン
 very.large=Very Large
+via.purl=via PURL
 view.clearing.request=クリアリングリクエストビュー
 view.clearing.request.failure.message=クリアリングリクエストを発見できない [ID: <b data-name="crId"></b>] プロジェクトのデータベース <b data-name="projectName"></b><br>再試行してください.
 view.by.releases=リリースごとに表示
 view.change.logs=変更ログビュー
 view.file.list=ファイルリストビュー
 view.obligations=オブリゲーションを表示
+view.sbom.import.result=View SBOM import result
 view.scanner.findings.license=View scanner findings (License)
 visibility=可視範囲
 Visibility=Private: 作成者（およびすべての表示レベルに適用される管理者）のみが表示できます。&#10Me and Moderators: 作成者とモデレーターが表示できます。&#10Group and Moderators: 同じグループメンバーとモデレータが見れる &#10Everyone: このシステムにログインしている人全員が見れる
@@ -1474,12 +1559,14 @@ whitesource.organization.api.key=ホワイトソース組織APIキー
 whitesource.user.key=ホワイトソースユーザーキー
 with.attachments=添付ファイル
 with.cli.attachments=CLI添付ファイル
+with.file.error=with fileError
 without.attachments=添付ファイルなし
 without.source.attachments=Without Source Attachments
 wiki=Wiki
 wiki.url=WikiのURL
 will.be.fulfilled.before.release=Will be fulfilled before release
 will.be.set.automatically=自動的に設定されます
+will.not.be.created.if.it.does.not.contain=will not be created if it does not contain
 write.access=書き込みアクセス
 wsimport=wsimport
 x.rows.selected=%d行が選択されました
@@ -1490,6 +1577,7 @@ you.are.removed.from.the.list.of.moderators.for.the.previous.moderation.request=
 you.are.signed.in.please.go.ahead.using.sw360=ログインしています。SW360を使用してください。
 you.are.the.last.moderator.for.this.request.you.are.not.allowed.to.unsubscribe=あなたはこのリクエストの最後のモデレーターです-退会することはできません。
 you.do.not.have.any.open.moderation.requests=開いているモデレートリクエストはありません。
+you.do.not.have.permission.to.import.or.export.the.sbom=You do not have permission to import or export the SBOM
 you.do.not.own.any.components=コンポーネントを所有していません。
 you.do.not.own.any.projects=プロジェクトを所有していません。
 you.have.accepted.the.previous.moderation.request=以前のモデレートリクエストを受け入れました。
@@ -1704,3 +1792,12 @@ cve.number.must.be.positive.number = Cve番号は正の数である必要があ
 ## Refer to http://cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/ and add your datatables language
 
 datatables.lang=https://cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/Japanese.json
+
+## CycloneDX Component Type
+application=Application
+container=Container
+device=Device
+firmware=Firmware
+framework=Framework
+library=Library
+operating.system=Operating System
diff --git a/frontend/sw360-portlet/src/main/resources/content/Language_vi.properties b/frontend/sw360-portlet/src/main/resources/content/Language_vi.properties
index dd79076e8a..124237393e 100644
--- a/frontend/sw360-portlet/src/main/resources/content/Language_vi.properties
+++ b/frontend/sw360-portlet/src/main/resources/content/Language_vi.properties
@@ -2,6 +2,7 @@ accepted=Accepted
 accept.request=Chấp nhận yêu cầu
 access=Truy cập
 access.denied=Truy cập bị từ chối
+access.denied.2=ACCESS DENIED
 access.token=Mã truy cập
 access.token.validity=Access Token Validity
 accountant=Kế toán
@@ -22,6 +23,7 @@ add.data.to.this.release=Thêm dữ liệu vào bản phát hành này
 add.license.info.to.release=Add License Info to Release
 added.project.links=Liên kết dự án đã thêm
 added.release.links=Liên kết phát hành đã thêm
+added.successfully=added successfully
 additional.data=Dữ liệu bổ sung
 additional.data.name=tên dữ liệu bổ sung
 additional.data.value=giá trị dữ liệu bổ sung
@@ -221,6 +223,8 @@ clearing.team.will.confirm.on.the.agreed.clearing.date=Clearing team will confir
 cli.attachment.evaluation.completed=CLI attachment evaluation completed.
 cli.attachment.not.found.in.the.release=CLI attachment not found in the release
 cli.count=CLI count
+click.on.upload.and.import.button=Click on upload & import button
+click.the.url.to.open.project.details.page=Click the URL to open project details page
 click.to.add.oidc.client=Click to add OIDC client
 click.to.add.releases=Nhấn vào đây để thêm Phát hành
 click.to.add.row.to=Nhấn vào đây để thêm hàng vào
@@ -230,6 +234,7 @@ click.to.add.row.to.external.ids=Nhấn vào đây để thêm hàng vào Id bê
 click.to.add.row.to.external.urls=Click to add row to External URLs
 click.to.add.secondary.department.and.roles=Click to add Secondary Department and Roles
 click.to.edit=Bấm vào để chỉnh sửa
+click.to.link.a.release=Click to link a Release
 click.to.set.department=Nhấn vào đây để đặt bộ phận
 click.to.expand.or.collapse=Click to expand or collapse
 click.to.set.licenses=Nhấn vào đây để đặt Giấy phép
@@ -264,7 +269,10 @@ component.owner=Chủ sở hữu thành phần
 component.visibility=Component visibility
 components=Các thành phần
 components2=các thành phần
+components.created=Components created
 components.only=Chỉ thành phần
+components.reused=Components reused
+components.were.not.imported.because.multiple.duplicate.components.are.found.with.exact.same.name=Components were not imported, because multiple duplicate components are found with exact same name
 components.with.releases=Các thành phần có bản phát hành
 components.with.the.same.identifier.name=Các thành phần có cùng định danh [name]
 component.type=Loại thành phần
@@ -313,6 +321,8 @@ create.component=Tạo thành phần
 created.by=Được tạo bởi
 created.by.email=Created by (Email)
 created.on=Được tạo ra trên
+created.project.with.id=Created project with id
+created.project.with.name=Created project with name
 created.successfully=created successfully
 create=Create
 create.license=Tạo giấy phép
@@ -339,11 +349,22 @@ current.release=Phát hành hiện tại
 current.release.relationship=Mối quan hệ phát hành hiện tại
 current.selection.will.be.overwritten=Lựa chọn hiện tại sẽ được ghi đè!
 current.value=Giá trị hiện tại
+currently.only.cyclonedx.sbom.export.is.supported=Currently only CycloneDX SBOM export is supported
 customer.project=Dự án khách hàng
 cve.id=CVE ID
 cve.references=Tài liệu tham khảo CVE
 cve.search=Tìm kiếm CVE
 cvs=CVS
+cyclonedx=CycloneDX
+CycloneDxComponentType=Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined.&#10APPLICATION: A software application.&#10CONTAINER: A packaging and/or runtime format, not specific to any particular technology.&#10DEVICE: A hardware device such as a processor, or chip-set.&#10FILE: A computer file.&#10FIRMWARE: A special type of software that provides low-level control over a devices hardware.&#10FRAMEWORK: A software framework. If the library also has key features of a framework, then it should be classified as a framework.&#10LIBRARY: A software library. All third-party and open source reusable components will likely be a library.&#10OPERATING_SYSTEM: A software operating system without regard to deployment model.
+CycloneDxComponentType-APPLICATION=A software application.
+CycloneDxComponentType-CONTAINER=A packaging and/or runtime format, not specific to any particular technology,&#10which isolates software inside the container from software outside of a container through virtualization technology.
+CycloneDxComponentType-DEVICE=A hardware device such as a processor, or chip-set.&#10A hardware device containing firmware should include a component for the physical hardware itself,&#10and another component of type 'firmware' or 'operating-system' (whichever is relevant),&#10describing information about the software running on the device.
+CycloneDxComponentType-FILE=A computer file.
+CycloneDxComponentType-FIRMWARE=A special type of software that provides low-level control over a devices hardware.
+CycloneDxComponentType-FRAMEWORK=A software framework. If the library also has key features of a framework, then it should be classified as a framework.
+CycloneDxComponentType-LIBRARY=A software library. All third-party and open source reusable components will likely be a library.&#10If the library also has key features of a framework, then it should be classified as a framework.&#10If not, or is unknown, then specifying library is recommended.
+CycloneDxComponentType-OPERATING_SYSTEM=A software operating system without regard to deployment model&#10(i.e. installed on physical hardware, virtual machine, image, etc).
 darcs=Anh hùng
 database.administration=Quản lý cơ sở dữ liệu
 database.sanitation=Dọn dẹp cơ sở dữ liệu
@@ -365,6 +386,7 @@ delete.component=Xóa thành phần
 deleted.linked.project.enable.svm=Deleted Linked Project Enable SVM
 deleted.project=Deleted Project
 deleted.project.relationship=Xóa mối quan hệ dự án
+deleted.successfully=Deleted successfully
 delete.item=Xóa mục
 delete.license=Xóa giấy phép
 delete.license.type=Xóa loại giấy phép
@@ -433,6 +455,7 @@ do.you.really.want.to.delete.the.project.x=Bạn có thực sự muốn xóa d
 do.you.really.want.to.delete.the.release.x=Bạn có thực sự muốn xóa bản phát hành <b data-name="name"></b>
 do.you.really.want.to.delete.the.obligation.x=Bạn có thực sự muốn xóa việc cần làm <b data-name="title"></b>
 do.you.really.want.to.delete.the.vendor.x=Bạn có thực sự muốn xóa nhà cung cấp <b data-name="name"></b>
+do.you.really.want.to.export.sbom.for.the.project.x=Do you really want to export SBOM for the project <b data-name="projectName"></b>?
 do.you.really.want.to.import.all.spdx.all.licenses=Bạn có thực sự muốn nhập tất cả SPDX tất cả các giấy phép?
 do.you.really.want.to.remove.the.link.to.project.x=Bạn có thực sự muốn xóa liên kết đến dự án <b data-name="project"></b>?
 do.you.really.want.to.remove.the.link.to.release.x=Bạn có thực sự muốn xóa liên kết để phát hành <b data-name="release"></b>?
@@ -440,6 +463,7 @@ do.you.really.want.to.remove.the.link.to.release.x.1=Bạn có thực sự muố
 do.you.really.want.to.remove.this.item=Bạn có thực sự muốn loại bỏ mục này?
 drop.a.file.here=Thả một tập tin ở đây
 duplicate=Bản sao
+duplicate.sbom=DUPLICATE SBOM
 dynamically.linked=Liên kết động
 ecc.admin=Quản trị viên ECC
 ecc.assessment.date=Ngày đánh giá ECC
@@ -511,6 +535,7 @@ enter.folder.id=Nhập id thư mục
 enter.fullname=Nhập tên đầy đủ
 enter.group=Nhập nhóm
 enter.home.url=Nhập Url trang trủ
+enter.homepage.url=Enter Homepage Url
 enter.mail.address=Nhập địa chỉ thư
 enter.mailing.list.url=Nhập Url danh sách gửi thư
 enter.material.index.number=Nhập số chỉ mục tài liệu
@@ -526,6 +551,7 @@ enter.owners.accounting.unit=Nhập đơn vị kế toán
 enter.owners.billing.group=Nhập nhóm thanh toán
 enter.project=Nhập dự án
 enter.refresh.token.validity=Enter Refresh Token Validity
+enter.purl=Enter PURL
 enter.release=Nhập bản phát hành
 enter.release.date=Nhập ngày phát hành
 enter.request.id=Nhập ID yêu cầu
@@ -549,6 +575,7 @@ enter.user.lastname=Enter user last name
 enter.user.primary.department=Enter user primary department
 enter.user.primary.roles=Enter user primary roles
 enter.user.pwd=Enter user password
+enter.vcs.url=Enter VCS Url
 enter.vendor=Nhập nhà cung cấp
 enter.vendor.fullname=Nhập tên đầy đủ của nhà cung cấp
 enter.vendor.short.name=Nhập tên viết tắt của nhà cung cấp
@@ -608,14 +635,20 @@ failed.to.add.licenses=Failed to add licenses
 failed.to.create.clearing.request=Failed to create clearing request!
 failed.to.delete.the.obligation=Không thể xóa nghĩa vụ!
 failed.to.edit.secondary.departments.and.roles.for.user=Failed to edit Secondary Departments and Roles for user
+failed.to.export.sbom.for.project=Failed to export SBOM for project
 failed.to.fetch.clearing.request.from.db=Failed to fetch clearing request from database!
+failed.to.import.sbom=Failed to import SBOM
 failed.to.load=Failed to load!
+failed.to.load.sbom.import.status.for.attachment=Failed to load SBOM import status for attachment
 failed.to.load.scanner.findings.with.error=Failed to load Scanner findings with error
 failed.to.load.source.file.with.error=Failed to load source file with error
 failed.to.reopen.clearing.request=Failed to reopen clearing request!
+failed.to.sync.releases=Failed to sync Releases
+failed.to.sync.releases.with.error=Failed to sync Releases with error
 failed.to.update.clearing.request=Failed to update clearing request!
 FAILURE=THẤT BẠI
 field.name=Tên trường
+file=File
 file.name=Tên tệp
 filename=Tên tệp
 fill.the.form.to.create.clearing.request.for.project.x=Fill the form to create clearing request for project <b data-name="name"></b>
@@ -666,6 +699,7 @@ homepage=Trang chủ
 homepage.url=URL trang chủ
 how.it.works=Nó hoạt động như thế nào
 ibm.rational.synergy=Sức mạnh tổng hợp của IBM
+include.releases.from.sub.projects.in.exported.sbom=Include releases from sub-projects in exported SBOM
 i.could.not.cleanup.the.attachments=Tôi không thể dọn dẹp các tệp đính kèm!
 i.could.not.delete.the.component=Tôi không thể xóa thành phần
 i.could.not.delete.the.component.since.it.is.in.use=Tôi không thể xóa thành phần, vì nó đang được sử dụng.
@@ -695,9 +729,12 @@ import=Nhập
 import.export=Nhập và xuất
 import.failed=Nhập thất bại.
 import.projects=Nhập các dự án
-import.spdx.bom=Nhập SBOM
+import.sbom=Nhập SBOM
 import.spdx.information=Nhập thông tin SPDX
 import.spdx.licenses=Nhập giấy phép SPDX
+import.will.fail.if.there.is.already.an.existing.project.with.same.name.and.version.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if there is already an existing project with same name and version as component present in SBOM
+import.will.fail.if.current.project.name.and.version.is.not.same.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if current project name and version is not same as component present in SBOM
+imported.sbom.into.project=imported SBOM into project
 incorrect=Sai
 info=Info
 infoempty=Hiện thị 0 tới 0 của 0 mục
@@ -706,6 +743,7 @@ in.case.you.need.the.clearing.at.an.earlier.date.then.the.preferred.date.that.is
 in.order.to.go.ahead.please.sign.in.or.create.a.new.account=Để tiếp tục, vui lòng đăng nhập hoặc tạo một tài khoản mới!
 in.progress=In Progress
 in.queue=In Queue
+in.sbom.file=in SBOM file
 inaccessible.component=Restricted component
 inaccessible.count=Other restricted items
 inaccessible.release=Restricted release
@@ -742,6 +780,7 @@ lead.architect=Kiến trúc sư trưởng
 learn.more.about.clearing.request.priority=Learn more about clearing request priority.
 learn.more.about.clearing.request.status=Learn more about clearing request status.
 learn.more.about.component.types=Tìm hiểu thêm về các loại thành phần.
+learn.more.about.cyconedx.component.types=Learn more about CycloneDx component types.
 learn.more.about.ecc.statuses=Tìm hiểu thêm về trạng thái ECC.
 learn.more.about.mainline.states=Tìm hiểu thêm về các trạng thái chính.
 learn.more.about.project.types=Tìm hiểu thêm về các loại dự án.
@@ -777,6 +816,7 @@ license.x.is.not.unique.license.is.not.excluded='Giấy phép "' + licenseId + '
 license.x.not.found.license.is.not.excluded='Giấy phép "' + licenseId + '" không tìm thấy. Giấy phép không được loại trừ.'
 lifecycle=Vòng đời
 linked.projects=Các dự án được liên kết
+linked.release=Linked Release
 linked.releases=Các bản phát hành được liên kết
 linked.releases.and.projects=Các bản phát hành và dự án được liên kết
 link.project=Liên kết dự án
@@ -786,6 +826,7 @@ link.release.to.project=Liên kết bản phát hành đến dự án
 links=Liên kết
 link.to.project=Liên kết đến dự án
 link.to.projects=Link to Projects
+list.of.components.without.version.information=List of Components without version information
 list.view=List View
 loading=Đang tải...
 loading.data.for.step.1.please.wait=Đang tải dữ liệu cho bước 1, vui lòng đợi ...
@@ -878,6 +919,7 @@ no.license.found.with.your.search=Không tìm thấy giấy phép với tìm ki
 no.license.risks.analysis.available=Không có phân tích rủi ro giấy phép nào có sẵn.
 no.linked.obligations=Không có nghĩa vụ liên kết.
 no.linked.releases.or.projects=Không có bản phát hành hoặc dự án được liên kết
+no.linked.release=No Linked Release
 no.linked.releases.yet=Không có bản phát hành liên kết nào.
 no.matching.records.found=Không tìm thấy kết quả
 no.moderation.requests.found=Không có yêu cầu kiểm duyệt nào được tìm thấy.
@@ -900,6 +942,8 @@ none.of.the.directly.linked.releases.are.cleared=None of the directly linked rel
 not.applicable=Not Applicable
 not.available=Không có sẵn
 not.checked=Chưa được kiểm tra
+not.imported=not imported
+not.linked.to.any.release=not linked to any release
 in.analysis=In Analysis
 not.decided.so.far=Không quyết định cho đến nay
 not.loaded.yet=Not loaded yet
@@ -938,6 +982,7 @@ operating.systems=Hệ điều hành
 operation=Operation
 optional=Tùy chọn
 or=Hoặc
+or2=or
 org1=org1
 org2=org2
 org3=org3
@@ -1004,10 +1049,15 @@ please.enter.the.server.url=Vui lòng nhập url máy chủ!
 please.enter.the.user.name=Vui lòng nhập tên người dùng!
 please.enter.user.key=Vui lòng nhập mã người dùng
 please.enter.valid.access.token.validity=Please enter valid access token validity
+please.enter.valid.name=Please enter valid name!
+please.enter.valid.purl=Please enter valid PURL!
+please.enter.valid.refresh.token.validity=Please enter valid refresh token validity
+please.enter.valid.version=Please enter valid version!
 please.enter.your.external.id=Vui lòng nhập id bên ngoài của bạn!
 please.enter.your.first.email=Vui lòng nhập email đầu tiên của bạn!
 please.enter.your.first.name=Vui lòng nhập tên của bạn!
 please.enter.your.last.name=Vui lòng nhập họ của bạn!
+please.import.this.sbom.from.project.details.page=Please import this SBOM from project details page
 please.migrate.all.releases.and.keep.the.existing.ones=Vui lòng di chuyển tất cả các bản phát hành và giữ những bản hiện có!
 please.perform.a.new.search=Vui lòng thực hiện một tìm kiếm mới.
 please.select.a.file=Vui lòng chọn một tập tin!
@@ -1015,8 +1065,10 @@ please.select.a.group=Vui lòng chọn một nhóm!
 please.select.a.role=Vui lòng chọn một vai trò!
 please.select.the.project.type=Vui lòng chọn loại dự án!
 please.select.the.project.visibility=Vui lòng chọn tầm nhìn của dự án!
+please.select.the.sbom.format=Please select the SBOM format
 please.select.the.component.visibility=Please select the component visibility!
 please.select.the.server=Vui lòng chọn máy chủ!
+please.upload.the=Please upload the
 prease.enter.a.valid.url=Please enter a valid URL!
 possible.main.license.ids=Possible Main License Ids:
 postpone.request=Yêu cầu trì hoãn
@@ -1044,6 +1096,7 @@ project.import.bdp=Nhập dự án (BDP)
 project.mainline.state=Dự án chính
 project.manager=Quản lý dự án
 project.name=Tên dự án
+project.name.and.version.x.present.in.sbom.metadata.tag.is.not.same.as.the.current.sw360.project=Project name (version): <b>\"+ data.projectName +\"</b> present in SBOM <span class='font-weight-bold text-monospace text-danger'>metadata</span> tag is not same as the current SW360 project
 project.name.first.letters=Tên dự án (chữ cái đầu tiên)
 project.namelinks=Tên dự án
 project.obligation.status=Tình trạng nghĩa vụ dự án
@@ -1074,6 +1127,8 @@ proposed.changes=Những thay đổi được đề nghị
 proposed.user.attributes=Thuộc tính người dùng được đề xuất
 ptc.integrity=Tính toàn vẹn của PTC
 publish.date=Ngày xuất bản
+purl=Purl
+purl.package.url=PURL (Package URL)
 quality.manager=Quản lý chất lượng
 quick.filter=Bộ lọc nhanh
 rate=Tỷ lệ
@@ -1084,6 +1139,7 @@ read.and.write.access=Read and Write Access
 recent.components=Các thành phần gần đây
 recent.releases=Các bản phát hành gần đây
 re.check.connection=Kiểm tra lại kết nối
+redirecting.to.project.details.page=redirecting to project details page
 references=Tài liệu tham khảo
 refresh=Làm mới
 refresh.token.validity=Refresh Token Validity
@@ -1093,6 +1149,8 @@ related=Liên quan
 relation=Quan hệ
 release=Phát hành
 releases=Releases
+releases.created=Releases created
+releases.reused=Releases reused
 release.aggregate.data=Dữ liệu tổng hợp bản phát hành
 release.bulk.edit=Chỉnh sửa hàng loạt bản phát hành
 release.clearing.state=Trạng thái dọn dẹp bản phát hành
@@ -1102,11 +1160,15 @@ release.date.of.this.release=Ngày phát hành của bản phát hành này
 release.filter=Release Filter
 release.mainline.state=Trạng thái chính bản phát hành
 release.name=Tên phát hành
+release.name.with.version=Release Name (version)
 release.namelinks=Tên liên kết phát hành
 release.namesource.attachments.count=Tên bản phát hành Nguồn đính kèm
 release.overview=Tổng quan bản phát hành
 release.relation=Quan hệ bản phát hành
 release.relationship=Phát hành mối quan hệ
+releases.synced.successfully.please.reload.the.page.to.see.the.changes=Releases synced successfully, Please <a href="javascript:window.location.reload(true)">reload</a> the page to see the changes
+releases.are.already.in.sync.no.action.needed=Releases are already in sync! No action needed
+releases.were.not.imported.because.multiple.duplicate.releases.are.found.with.exact.same.name.and.version=Releases were not imported, because multiple duplicate releases are found with exact same name & version
 ReleaseRelationship="Không xác định: Nếu bạn không biết &#10Chứa: Nếu bạn không biết liệu nó có được liên kết động không &#10Đã giới thiệu: Tham khảo một phần độc lập được sử dụng phần khác &#10Liên kết động: Phần mềm được liên kết động - như tên gọi &#10Liên kết tĩnh: Phần mềm được liên kết tĩnh - như tên gọi &#10Bên cạnh: Không quyết định cho đến nay &#10Độc lập: Phần mềm được cung cấp dưới dạng phân phối độc lập, tức là. không kết nối kỹ thuật &#10Sử dụng nội bộ: Được sử dụng để tạo hoặc xây dựng hoặc? sản phẩm hoặc dự án nhưng không được giao &#10Tùy chọn: Không phải là một phần bắt buộc của cài đặt &#10Để được thay thế: Có nhưng nên được chuyển ra ngoài &#10Đoạn mã: Từ bản phát hành tài liệu tham khảo, một đoạn được sử dụng.";
 ReleaseRelationship-CONTAINED=Nếu bạn không biết liệu nó có được liên kết động hay không.
 ReleaseRelationship-DYNAMICALLY_LINKED=Phần mềm được liên kết động - như tên gọi.
@@ -1178,6 +1240,15 @@ save.configuration=Lưu cấu hình
 saved.attachment.usages=Đã lưu cách sử dụng tệp đính.
 save.obligations=Lưu nghĩa vụ
 save.usages=Lưu cách dùng
+sbom=SBOM
+sbom.document=SBOM document
+sbom.format=SBOM format
+sbom.failed.sanity.check=SBOM FAILED SANITY CHECK
+sbom.exported.successfully=SBOM exported successfully
+sbom.import.failed=SBOM Import Failed
+sbom.import.status=SBOM Import Status
+sbom.import.statistics.for=SBOM Import Statistics for
+sbom.imported.successfully=SBOM imported successfully
 scanned=Đã quét
 scan.available=Scan available
 scan.the.sources=Quét các nguồn
@@ -1264,6 +1335,7 @@ source.file.information.not.found.in.cli=Source file information not found in CL
 source.file.information.not.found.in.isr=Source file information not found in ISR
 source.release=Phát hành nguồn:
 source.vendor=Nhà cung cấp nguồn
+spdx=SPDX
 spdx.attachments=Tệp đính kèm SPDX
 special.risk.open.source.software=Rủi ro đặc biệt của Phần mềm nguồn mở
 special.risks.3rd.party.software=Rủi ro đặc biệt của phần mềm bên thứ 3
@@ -1298,11 +1370,13 @@ sw360.admin=Quản trị viên SW360
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect=SW360 là một dự án phần mềm nguồn mở cung cấp cả ứng dụng web và kho lưu trữ để thu thập,
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect.organize.and.make.available.information.about.software.components.it.establishes.a.central.hub.for.software.components.in.an.organization=SW360 là một dự án phần mềm nguồn mở cung cấp cả ứng dụng web và kho lưu trữ để thu thập, sắp xếp và cung cấp thông tin có sẵn về các thành phần của phần mềm. Nó thiết lập một trung tâm trung tâm cho các thành phần phần mềm trong một tổ chức.
 sw360.user=Người dùng SW360
+sync=Sync
 system.test.begin=Kiểm tra hệ thống bắt đầu
 system.test.begin.date.yyyy.mm.dd=Ngày bắt đầu thử nghiệm hệ thống YYYY-MM-DD
 system.test.end=Kết thúc kiểm tra hệ thống
 system.test.end.date.yyyy.mm.dd=Ngày kết thúc kiểm tra hệ thống YYYY-MM-DD
 tag=Nhãn
+tag2=tag
 target.component=Thành phần mục tiêu
 target.release=Bản phát hành mục tiêu:
 target.vendor=Nhà cung cấp mục tiêu:
@@ -1337,6 +1411,7 @@ the.user.x.will.be.added.to.the.list.of.moderators="Người dùng <b class='use
 the.verification.of.vulnerabilities.will.be=Việc xác minh các lỗ hổng <strong data-name="vulnerabilityCount"></strong> sẽ được thay đổi thành <strong data-name="verification"></strong>.
 this.component.x.contains=Thành phần này <b data-name="name"></b> chứa:
 this.component.x.contains.y.attachments=Thành phần này <span data-name="name"></span> chứa <b><span data-name="attachments"></span></b> tệp đính kèm.
+this.currently.only.supports.spdx.rdf.xml.files.with.a.unique.described.top.level.node=This currently only supports SPDX RDF/XML files with a unique described top level node
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.that.the.following.vendors.could.not.be.merged=Lỗi này có thể dẫn đến sự không nhất quán trong cơ sở dữ liệu. Vui lòng thông báo cho quản trị viên rằng các nhà cung cấp sau không thể hợp nhất:
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.with.the.following.information=Lỗi này có thể dẫn đến sự không nhất quán trong cơ sở dữ liệu. Vui lòng thông báo cho quản trị viên với các thông tin sau:
 this.function.is.meant.to.be.followed.by.a.new.license.import=Chức năng này có nghĩa là được theo sau bởi nhập một giấy phép mới.
@@ -1348,12 +1423,16 @@ this.project.contains=Dự án này chứa
 this.project.x.contains=Dự án này <b data-name="name"></b> chứa:
 this.release.x.contains=Bản phát hành <b data-name="name"></b> này chứa:
 this.release.x.contains.1=Bản phát hành <span data-name="name"></span> chứa
+time.taken.for.export=Time taken for export
+time.taken.for.import=Time taken for import
 title=Tiêu đề
 to=To
 to.be.replaced=Sẽ được thay thế
 to.view.the.files.corresponding.to.each.licenses.go.to.clearing.details.tab.of.respective.release=To view the files corresponding to each licenses, go to "Clearing Details" tab of respective Release.
 today=Today
+total.components=Total Components
 total.number.of.files=Total number of files
+total.releases=Total Releases
 #oblig=Việc cần làm
 obligation=Nghĩa vụ
 #oblig.details=Chi tiết việc cần làm
@@ -1396,6 +1475,7 @@ update.vendor=Cập nhật nhà cung cấp
 update.whitelist=Cập nhật danh sách trắng
 updating.the.moderation.request.failed=Cập nhật yêu cầu kiểm duyệt không thành công.
 upload=Tải lên
+upload.and.import=Upload & Import
 upload.attachment=Tải lên tập tin
 upload.component.attachments=Tải lên tệp đính kèm thành phần
 upload.component.csv=Tải lên thành phần CSV
@@ -1403,10 +1483,12 @@ uploaded.by=Được tải lên bởi
 upload.license.archive=Tải lên lưu trữ giấy phép
 upload.licenses=Tải lên giấy phép
 upload.release.links=Tải lên liên kết phát hành
+upload.successful.importing.of.sbom.is.in.progress=Upload successful, Importing of SBOM is in progress
 upload.the.sources.to.fossology=Tải các nguồn lên FOSSology
 upload.users=Tải lên người dùng
 uploaded.comment=Uploaded Comment
 uploaded.on=Uploaded On
+uploading.sbom.file=Uploading SBOM file
 url=URL
 usage.overview=Tổng quan về cách sử dụng
 usage.right.available=Quyền sử dụng Có sẵn
@@ -1430,6 +1512,8 @@ users.already.in.liferay=Những người dùng đã ở trong Liferay
 users.not.in.liferay=Những người dùng không ở trong Liferay
 use.selection.of.this.subproject=Sử dụng lựa chọn của dự án con này
 valid.for.projects=Hợp lệ cho các dự án
+vcs=VCS
+vcs.version.control.system=VCS (Version Control System)
 vender=Nhà cung cấp
 vendor=Nhà cung cấp
 vendor.advisories=Khuyến cảo từ nhà cung cấp
@@ -1444,12 +1528,14 @@ VerificationState-INCORRECT=Nó đã được quyết định rằng việc xác
 VerificationState-NOT_CHECKED=Không ai đã xem xét điều này và xác minh nó.
 version=Phiên bản
 very.large=Very Large
+via.purl=via PURL
 view.clearing.request=View Clearing Request
 view.clearing.request.failure.message=We are not able to find the clearing request [ID: <b data-name="crId"></b>] in db for the project <b data-name="projectName"></b><br>Try again later.
 view.by.releases=Xem bởi các bản phát hành
 view.change.logs=View Change Logs
 view.file.list=View file list
 view.obligations=Xem nghĩa vụ
+view.sbom.import.result=View SBOM import result
 view.scanner.findings.license=View scanner findings (License)
 visibility=Tầm nhìn
 Visibility=Riêng tư: Chỉ hiển thị bởi người tạo (và quản trị viên áp dụng cho tất cả các mức độ hiển thị) &#10Tôi và Người kiểm duyệt: Hiển thị bởi người tạo và người kiểm duyệt &#10Nhóm và Người kiểm duyệt: Tất cả người dùng của cùng một nhóm và người kiểm duyệt &#10Mọi người: Mọi người dùng đăng nhập vào hệ thống
@@ -1477,12 +1563,14 @@ whitesource.organization.api.key=Khóa API tổ chức Whitesource
 whitesource.user.key=Khóa người dùng Whitesource
 with.attachments=With Attachments
 with.cli.attachments=With CLI Attachments
+with.file.error=with fileError
 without.attachments=Without Attachments
 without.source.attachments=Without Source Attachments
 wiki=Wiki
 wiki.url=URL Wiki
 will.be.fulfilled.before.release=Will be fulfilled before release
 will.be.set.automatically=Sẽ được đặt tự động
+will.not.be.created.if.it.does.not.contain=will not be created if it does not contain
 write.access=Truy cập ghi
 wsimport=wsimport
 x.rows.selected=%d hàng được chọn
@@ -1493,6 +1581,7 @@ you.are.removed.from.the.list.of.moderators.for.the.previous.moderation.request=
 you.are.signed.in.please.go.ahead.using.sw360=Bạn đã đăng nhập, vui lòng tiếp tục sử dụng SW360!
 you.are.the.last.moderator.for.this.request.you.are.not.allowed.to.unsubscribe=Bạn là người kiểm duyệt cuối cùng cho yêu cầu này - bạn không được phép hủy đăng ký.
 you.do.not.have.any.open.moderation.requests=Bạn không có bất kỳ yêu cầu kiểm duyệt nào.
+you.do.not.have.permission.to.import.or.export.the.sbom=You do not have permission to import or export the SBOM
 you.do.not.own.any.components=Bạn không sở hữu bất kỳ thành phần nào.
 you.do.not.own.any.projects=Bạn không sở hữu bất kỳ dự án nào.
 you.have.accepted.the.previous.moderation.request=Bạn đã chấp nhận yêu cầu kiểm duyệt trước đó.
@@ -1716,3 +1805,12 @@ obligation.change.log.is.unavailable.because.obligation.does.not.exist=Không xe
 ## Refer to http://cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/ and add your datatables language
 
 datatables.lang=https://cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/Vietnamese.json
+
+## CycloneDX Component Type
+application=Application
+container=Container
+device=Device
+firmware=Firmware
+framework=Framework
+library=Library
+operating.system=Operating System
diff --git a/frontend/sw360-portlet/src/main/resources/content/Language_zh.properties b/frontend/sw360-portlet/src/main/resources/content/Language_zh.properties
index 9a942eff87..546edb7c8a 100644
--- a/frontend/sw360-portlet/src/main/resources/content/Language_zh.properties
+++ b/frontend/sw360-portlet/src/main/resources/content/Language_zh.properties
@@ -2,6 +2,7 @@ accepted=接受
 accept.request=接受请求
 access=访问
 access.denied=拒绝访问
+access.denied.2=ACCESS DENIED
 access.token=访问令牌
 access.token.validity=访问令牌有效时间
 accountant=会计师
@@ -23,6 +24,7 @@ add.license.info.to.release=添加许可证信息到发行版本
 add.user=添加用户
 added.project.links=添加项目链接
 added.release.links=添加发行版本链接
+added.successfully=added successfully
 additional.data=附加数据
 additional.data.name=附加数据名称
 additional.data.value=附加数据值
@@ -221,6 +223,8 @@ clearing.team.will.confirm.on.the.agreed.clearing.date=明确团队将在<b>商
 cli.attachment.evaluation.completed=CLI附件评估已完成。
 cli.attachment.not.found.in.the.release=发行版本中未找到CLI附件
 cli.count=CLI数量
+click.on.upload.and.import.button=Click on upload & import button
+click.the.url.to.open.project.details.page=Click the URL to open project details page
 click.to.add.oidc.client=点击添加OIDC客户端
 click.to.add.releases=点击添加发行版本
 click.to.add.row.to=点击添加行到
@@ -230,6 +234,8 @@ click.to.add.row.to.external.ids=点击添加行到外部ID
 click.to.add.row.to.external.urls=点击添加行到外部URL
 click.to.add.secondary.department.and.roles=点击添加第二部门和角色
 click.to.edit=点击编辑
+click.to.expand.or.collapse=Click to expand or collapse
+click.to.link.a.release=Click to link a Release
 click.to.set.licenses=点击设置许可证
 click.to.set.vendor=点击设置供应商
 client.id=客户编号
@@ -261,7 +267,10 @@ component.owner=组件所有者
 component.visibility=组件可见性
 components=组件
 components2=组件
+components.created=Components created
 components.only=仅组件
+components.reused=Components reused
+components.were.not.imported.because.multiple.duplicate.components.are.found.with.exact.same.name=Components were not imported, because multiple duplicate components are found with exact same name
 components.with.releases=具有发行版本的组件
 components.with.the.same.identifier.name=具有相同标识符[名称]的组件
 component.type=组件类型
@@ -310,6 +319,8 @@ create.component=创建组件
 created.by=创建者
 created.by.email=创建者（电子邮件）
 created.on=创建于
+created.project.with.id=Created project with id
+created.project.with.name=Created project with name
 created.successfully=创建成功
 create=创建
 create.license=创建许可证
@@ -336,11 +347,22 @@ current.release=当前发行版本
 current.release.relationship=当前发行版本关系
 current.selection.will.be.overwritten=当前选择将被覆盖！
 current.value=当前值
+currently.only.cyclonedx.sbom.export.is.supported=Currently only CycloneDX SBOM export is supported
 customer.project=客户项目
 cve.id=CVE ID
 cve.references=CVE参考
 cve.search=CVE搜索
 cvs=CVS
+cyclonedx=CycloneDX
+CycloneDxComponentType=Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined.&#10APPLICATION: A software application.&#10CONTAINER: A packaging and/or runtime format, not specific to any particular technology.&#10DEVICE: A hardware device such as a processor, or chip-set.&#10FILE: A computer file.&#10FIRMWARE: A special type of software that provides low-level control over a devices hardware.&#10FRAMEWORK: A software framework. If the library also has key features of a framework, then it should be classified as a framework.&#10LIBRARY: A software library. All third-party and open source reusable components will likely be a library.&#10OPERATING_SYSTEM: A software operating system without regard to deployment model.
+CycloneDxComponentType-APPLICATION=A software application.
+CycloneDxComponentType-CONTAINER=A packaging and/or runtime format, not specific to any particular technology,&#10which isolates software inside the container from software outside of a container through virtualization technology.
+CycloneDxComponentType-DEVICE=A hardware device such as a processor, or chip-set.&#10A hardware device containing firmware should include a component for the physical hardware itself,&#10and another component of type 'firmware' or 'operating-system' (whichever is relevant),&#10describing information about the software running on the device.
+CycloneDxComponentType-FILE=A computer file.
+CycloneDxComponentType-FIRMWARE=A special type of software that provides low-level control over a devices hardware.
+CycloneDxComponentType-FRAMEWORK=A software framework. If the library also has key features of a framework, then it should be classified as a framework.
+CycloneDxComponentType-LIBRARY=A software library. All third-party and open source reusable components will likely be a library.&#10If the library also has key features of a framework, then it should be classified as a framework.&#10If not, or is unknown, then specifying library is recommended.
+CycloneDxComponentType-OPERATING_SYSTEM=A software operating system without regard to deployment model&#10(i.e. installed on physical hardware, virtual machine, image, etc).
 darcs=darcs
 database.administration=数据库管理
 database.sanitation=数据库状态
@@ -362,6 +384,7 @@ delete.component=删除组件
 deleted.project=已删除项目
 deleted.project.relationship=已删除项目关系
 deleted.linked.project.enable.svm=删除链接项目启用的SVM
+deleted.successfully=Deleted successfully
 delete.item=删除项目
 delete.license=删除许可证
 delete.license.type=删除许可证类型
@@ -428,6 +451,7 @@ do.you.really.want.to.delete.the.license.type.x=确定删除许可证类型 <b d
 do.you.really.want.to.delete.the.license.type.y=确定删除许可证类型 <licenseType>？
 do.you.really.want.to.delete.the.obligation.x=确定删除义务 <b data-name="title"></b>？
 do.you.really.want.to.delete.the.vendor.x=确定删除供应商 <b data-name="name"></b>？
+do.you.really.want.to.export.sbom.for.the.project.x=Do you really want to export SBOM for the project <b data-name="projectName"></b>?
 do.you.really.want.to.import.all.spdx.all.licenses=确定导入所有SPDX文件中所有的许可证吗？
 do.you.really.want.to.remove.the.link.to.project.x=确定移除项目 <b data-name="project"></b> 的链接？
 do.you.really.want.to.remove.the.link.to.release.x=确定移除发行版本 <b data-name="release"></b> 的链接？
@@ -435,6 +459,7 @@ do.you.really.want.to.remove.the.link.to.release.x.1=确定移除发行版本 <b
 do.you.really.want.to.remove.this.item=确定移除这个项目吗？
 drop.a.file.here=拖拽文件到此处
 duplicate=重复
+duplicate.sbom=DUPLICATE SBOM
 dynamically.linked=动态链接
 ecc.admin=出口管制管理员
 ecc.assessment.date=出口管制评估日期
@@ -506,6 +531,7 @@ enter.folder.id=输入文件夹ID
 enter.fullname=输入全名
 enter.group=输入组
 enter.home.url=输入主页URL
+enter.homepage.url=Enter Homepage Url
 enter.mail.address=输入邮件地址
 enter.mailing.list.url=输入邮件列表URL
 enter.material.index.number=输入材料索引号
@@ -519,6 +545,7 @@ enter.owner.billing.group=输入所有者计费组
 enter.owners.accounting.unit=输入所有者会计单元
 enter.owners.billing.group=输入所有者计费组
 enter.project=输入项目
+enter.purl=Enter PURL
 enter.release=输入发行版本
 enter.release.date=输入发行日期
 enter.request.id=输入请求ID
@@ -542,6 +569,7 @@ enter.user.lastname=输入用户的姓
 enter.user.primary.department=输入用户主要部门
 enter.user.primary.roles=输入用户主要角色
 enter.user.pwd=输入用户密码
+enter.vcs.url=Enter VCS Url
 enter.vendor=输入供应商
 enter.vendor.fullname=输入供应商全名
 enter.vendor.short.name=输入供应商短名称
@@ -601,14 +629,20 @@ failed.to.add.licenses=添加许可证失败
 failed.to.create.clearing.request=创建明确请求失败！
 failed.to.delete.the.obligation=删除义务失败！
 failed.to.edit.secondary.departments.and.roles.for.user=编辑用户的第二部门和角色失败
+failed.to.export.sbom.for.project=Failed to export SBOM for project
 failed.to.fetch.clearing.request.from.db=从数据库获取明确请求失败！
+failed.to.import.sbom=Failed to import SBOM
 failed.to.load=加载失败！
+failed.to.load.sbom.import.status.for.attachment=Failed to load SBOM import status for attachment
 failed.to.load.scanner.findings.with.error=出现错误，加载扫描结果失败
 failed.to.load.source.file.with.error=出现错误，加载源文件失败
 failed.to.reopen.clearing.request=重新打开明确请求失败！
+failed.to.sync.releases=Failed to sync Releases
+failed.to.sync.releases.with.error=Failed to sync Releases with error
 failed.to.update.clearing.request=更新明确请求失败！
 FAILURE=失败
 field.name=领域名称
+file=File
 file.name=文件名
 filename=文件名
 fill.the.form.to.create.clearing.request.for.project.x=填写表格以创建项目<b data-name="name"></b>
@@ -659,6 +693,7 @@ homepage=主页
 homepage.url=主页URL
 how.it.works=它是如何工作的
 ibm.rational.synergy=IBM Rational Synergy
+include.releases.from.sub.projects.in.exported.sbom=Include releases from sub-projects in exported SBOM
 i.could.not.cleanup.the.attachments=无法清理附件！
 i.could.not.delete.the.client=无法删除该客户端
 i.could.not.delete.the.component=无法删除该组件
@@ -688,9 +723,12 @@ import=导入
 import.export=导入和导出
 import.failed=导入失败。
 import.projects=导入项目
-import.spdx.bom=导入SPDX BOM
+import.sbom=导入 SBOM
 import.spdx.information=导入SPDX信息
 import.spdx.licenses=导入SPDX许可证
+import.will.fail.if.there.is.already.an.existing.project.with.same.name.and.version.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if there is already an existing project with same name and version as component present in SBOM
+import.will.fail.if.current.project.name.and.version.is.not.same.as.component.present.in.sbom=Import will <span class="font-weight-bold text-danger">fail</span> if current project name and version is not same as component present in SBOM
+imported.sbom.into.project=imported SBOM into project
 incorrect=不正确
 info=信息
 infoempty=显示0到0个条目，共0个条目
@@ -699,6 +737,7 @@ in.case.you.need.the.clearing.at.an.earlier.date.then.the.preferred.date.that.is
 in.order.to.go.ahead.please.sign.in.or.create.a.new.account=要继续，请登录或创建一个新帐户！
 in.progress=进行中
 in.queue=在队列中
+in.sbom.file=in SBOM file
 inaccessible.component=没有权限的组件
 inaccessible.count=没有权限的项目
 inaccessible.release=没有权限的发行版本
@@ -734,6 +773,7 @@ lead.architect=首席架构师
 learn.more.about.clearing.request.priority=了解更多关于明确请求优先级的信息。
 learn.more.about.clearing.request.status=了解更多关于明确请求状态的信息。
 learn.more.about.component.types=了解更多有关组件类型的信息。
+learn.more.about.cyconedx.component.types=Learn more about CycloneDx component types.
 learn.more.about.ecc.statuses=了解更多关于ECC状态的信息。
 learn.more.about.mainline.states=了解更多关于主线状态的信息。
 learn.more.about.project.types=了解更多关于项目类型的信息。
@@ -769,6 +809,7 @@ license.x.is.not.unique.license.is.not.excluded='许可证 "' + licenseId + '" 
 license.x.not.found.license.is.not.excluded='许可证 "' + licenseId + '" 未找到。许可证不被排除。
 lifecycle=生命周期
 linked.projects=链接的项目
+linked.release=Linked Release
 linked.releases=链接的发行版本
 linked.releases.and.projects=链接的发行版本和项目
 link.project=链接项目
@@ -778,6 +819,7 @@ link.release.to.project=链接发行版本到项目
 links=链接
 link.to.project=链接到项目
 link.to.projects=链接到项目
+list.of.components.without.version.information=List of Components without version information
 list.view=列表视图
 loading=加载中...
 loading.data.for.step.1.please.wait=正在加载第1步的数据，请稍候...
@@ -870,6 +912,7 @@ no.license.found.with.your.search=在您的搜索中没有找到许可证。
 no.license.risks.analysis.available=没有可用的许可证风险分析。
 no.linked.obligations=没有链接的义务。
 no.linked.releases.or.projects=没有链接的发行版本或项目
+no.linked.release=No Linked Release
 no.linked.releases.yet=还没有链接的发行版本。
 no.matching.records.found=没有找到匹配的记录
 no.moderation.requests.found=没有找到审核请求。
@@ -892,6 +935,8 @@ none.of.the.directly.linked.releases.are.cleared=没有直接链接的发行版
 not.applicable=不适用
 not.available=不可用
 not.checked=未检查
+not.imported=not imported
+not.linked.to.any.release=not linked to any release
 in.analysis=分析中
 not.decided.so.far=目前还没有决定
 not.loaded.yet=尚未加载
@@ -931,6 +976,7 @@ operating.systems=操作系统
 operation=操作
 optional=可选
 or=或
+or2=or
 org1=org1
 org2=org2
 org3=org3
@@ -998,12 +1044,16 @@ please.enter.the.title=请输入标题！
 please.enter.the.user.name=请输入用户名！
 please.enter.user.key=请输入用户key
 please.enter.valid.access.token.validity=请输入有效的访问令牌有效期间
+please.enter.valid.name=Please enter valid name!
+please.enter.valid.purl=Please enter valid PURL!
 please.enter.valid.refresh.token.validity=请输入有效的刷新令牌有效期间
+please.enter.valid.version=Please enter valid version!
 please.enter.your.external.id=请输入外部ID！
 please.enter.your.first.email=请输入第一封电子邮件！
 please.enter.your.first.name=请输入名！
 please.enter.your.last.name=请输入姓！
 please.fill.a.z.A.Z.0.9.-...+.only=请仅填写[a-z][A-Z][0-9][-.+ ]！
+please.import.this.sbom.from.project.details.page=Please import this SBOM from project details page
 please.migrate.all.releases.and.keep.the.existing.ones=请迁移所有发行版本并保留现有的发行版本！
 please.perform.a.new.search=请执行一个新的搜索。
 please.select.a.file=请选择一个文件！
@@ -1011,8 +1061,10 @@ please.select.a.group=请选择一个组！
 please.select.a.role=请选择一个角色！
 please.select.the.project.type=请选择项目类型！
 please.select.the.project.visibility=请选择项目可视性！
+please.select.the.sbom.format=Please select the SBOM format
 please.select.the.component.visibility=请选择组件可视性！
 please.select.the.server=请选择服务器！
+please.upload.the=Please upload the
 prease.enter.a.valid.url=请输入一个有效的URL！
 possible.main.license.ids=可能的主许可证ID：
 postpone.request=推迟请求
@@ -1040,6 +1092,7 @@ project.import.bdp=项目导入(BDP)
 project.mainline.state=项目主线状态
 project.manager=项目经理
 project.name=项目名称
+project.name.and.version.x.present.in.sbom.metadata.tag.is.not.same.as.the.current.sw360.project=Project name (version): <b>\"+ data.projectName +\"</b> present in SBOM <span class='font-weight-bold text-monospace text-danger'>metadata</span> tag is not same as the current SW360 project
 project.name.first.letters=项目名称（首字母）
 project.namelinks=项目名称链接
 project.obligation.status=项目义务状态
@@ -1071,6 +1124,8 @@ proposed.changes=提议的更改
 proposed.user.attributes=提议的用户属性
 ptc.integrity=PTC Integrity
 publish.date=发行日期
+purl=Purl
+purl.package.url=PURL (Package URL)
 quality.manager=质量经理
 quick.filter=快速过滤
 rate=率
@@ -1081,6 +1136,7 @@ read.and.write.access=读写权限
 recent.components=最近的组件
 recent.releases=最近的发行版本
 re.check.connection=重新检查连接
+redirecting.to.project.details.page=redirecting to project details page
 references=参考
 reference.doc=参考文档
 refresh=刷新
@@ -1090,6 +1146,8 @@ related=相关
 relation=关系
 release=发行版本
 releases=发行版本
+releases.created=Releases created
+releases.reused=Releases reused
 release.aggregate.data=发行版本集合数据
 release.bulk.edit=发行版本批量编辑
 release.clearing.state=发行版本明确状态
@@ -1099,12 +1157,16 @@ release.date.of.this.release=该发行版本的发行日期
 release.filter=发行版本过滤器
 release.mainline.state=发行版本主线状态
 release.name=发行版本名称
+release.name.with.version=Release Name (version)
 release.namelinks=释放名称链接
 release.namesource.attachments.count=发行版本名称源附件计数
 release.overview=发行版本概述
 release.path=发行版本路径
 release.relation=发行版本关系
 release.relationship=发行版本关系
+releases.synced.successfully.please.reload.the.page.to.see.the.changes=Releases synced successfully, Please <a href="javascript:window.location.reload(true)">reload</a> the page to see the changes
+releases.are.already.in.sync.no.action.needed=Releases are already in sync! No action needed
+releases.were.not.imported.because.multiple.duplicate.releases.are.found.with.exact.same.name.and.version=Releases were not imported, because multiple duplicate releases are found with exact same name & version
 ReleaseRelationship="Unkown: 未知 &#10Contained: 如果你不确定它是否是动态链接 &#10Refered: 引用一个被其他组件独立使用的软件 &#10Dynamically Linked: 软件动态链接&#10Statically linked: 软件静态链接 &#10Side by side: 目前未确定 &#10Standalone： 独立交付的软件，没有技术上的联系 &#10Internal Use： 用于创建或构建产品或项目，但不用于交付 &#10Optional: 不是强制安装的部分 &#10Tobereplace: 存在，但应被移出 &#10Code Snippet: 引用，但只使用了一个片段。";
 ReleaseRelationship-CONTAINED=如果你不确定它是否是动态链接。
 ReleaseRelationship-DYNAMICALLY_LINKED=软件动态链接。
@@ -1176,6 +1238,15 @@ save.configuration=保存配置
 saved.attachment.usages=保存附件的用途。
 save.obligations=保存义务
 save.usages=保存用法
+sbom=SBOM
+sbom.document=SBOM document
+sbom.format=SBOM format
+sbom.failed.sanity.check=SBOM FAILED SANITY CHECK
+sbom.exported.successfully=SBOM exported successfully
+sbom.import.failed=SBOM Import Failed
+sbom.import.status=SBOM Import Status
+sbom.import.statistics.for=SBOM Import Statistics for
+sbom.imported.successfully=SBOM imported successfully
 scanned=已扫描
 scan.available=扫描可用
 scan.the.sources=扫描源
@@ -1260,6 +1331,7 @@ source.file.information.not.found.in.cli=在CLI中找不到源文件信息
 source.file.information.not.found.in.isr=在ISR中找不到源文件信息
 source.release=源发行版本
 source.vendor=源供应商
+spdx=SPDX
 spdx.attachments=SPDX附件
 special.risk.open.source.software=特殊风险开源软件
 special.risks.3rd.party.software=特殊风险第三方软件
@@ -1294,11 +1366,13 @@ sw360.admin=SW360管理员
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect=SW360是一个开源软件项目，它提供了一个 Web应用程序和一个存储库以收集，
 sw360.is.an.open.source.software.project.that.provides.both.a.web.application.and.a.repository.to.collect.organize.and.make.available.information.about.software.components.it.establishes.a.central.hub.for.software.components.in.an.organization=SW360是一个开源软件项目，它提供了一个 Web 应用程序和一个存储库以收集，组织和提供有关软件组件的信息。它为组织中的软件组件建立了一个中心枢纽。
 sw360.user=SW360用户
+sync=Sync
 system.test.begin=系统测试开始
 system.test.begin.date.yyyy.mm.dd=系统测试开始日期YYYY-MM-DD
 system.test.end=系统测试结束
 system.test.end.date.yyyy.mm.dd=系统测试结束日期YYYY-MM-DD
 tag=标签
+tag2=tag
 target.component=目标组件
 target.release=目标发行版本：
 target.vendor=目标供应商：
@@ -1333,6 +1407,7 @@ the.user.x.will.be.added.to.the.list.of.moderators="用户 <b class='user'>" + u
 the.verification.of.vulnerabilities.will.be=<strong data-name="vulnerabilityCount"></strong> 件的脆弱性验证将被修改至 <strong data-name="verification"></strong>。
 this.component.x.contains=组件 <b data-name="name"></b> 包含:
 this.component.x.contains.y.attachments=组件 <span data-name="name"></span> 包含附件 <b><span data-name="attachments"></span></b>。
+this.currently.only.supports.spdx.rdf.xml.files.with.a.unique.described.top.level.node=This currently only supports SPDX RDF/XML files with a unique described top level node
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.that.the.following.vendors.could.not.be.merged=这个错误会导致数据库的不一致。请通知管理员以下供应商无法合并：
 this.error.can.lead.to.inconsistencies.in.the.database.please.inform.the.administrator.with.the.following.information=这个错误会导致数据库的不一致。请告知管理员以下信息：
 this.function.is.meant.to.be.followed.by.a.new.license.import=这个功能试图导入一个新的许可证。
@@ -1344,12 +1419,16 @@ this.project.contains=这个项目包含
 this.project.x.contains=项目 <b data-name="name"></b> 包含:
 this.release.x.contains=发行版本 <b data-name="name"></b> 包含:
 this.release.x.contains.1=发行版本 <span data-name="name"></span> 包含
+time.taken.for.export=Time taken for export
+time.taken.for.import=Time taken for import
 title=标题
 to=到
 to.be.replaced=被替换
 to.view.the.files.corresponding.to.each.licenses.go.to.clearing.details.tab.of.respective.release=要查看与每个许可证对应的文件，请转到相应发行版本的“明确详细信息”页面。
 today=今天
+total.components=Total Components
 total.number.of.files=文件总数
+total.releases=Total Releases
 enable.svm=启用SVM
 obligation=义务
 obligation.details=义务详情
@@ -1388,6 +1467,7 @@ update.vendor=更新供应商
 update.whitelist=更新白名单
 updating.the.moderation.request.failed=更新审核请求失败。
 upload=上传
+upload.and.import=Upload & Import
 upload.attachment=上传附件
 upload.component.attachments=上传组件附件
 upload.component.csv=上传组件CSV
@@ -1397,8 +1477,10 @@ uploaded.on=上传时间
 upload.license.archive=上传许可证存档
 upload.licenses=上传许可证
 upload.release.links=上传发行版本链接
+upload.successful.importing.of.sbom.is.in.progress=Upload successful, Importing of SBOM is in progress
 upload.the.sources.to.fossology=上传源到FOSSology
 upload.users=上传用户
+uploading.sbom.file=Uploading SBOM file
 url=URL
 usage.overview=使用概览
 usage.right.available=可用的使用权限
@@ -1419,6 +1501,8 @@ users.already.in.couchdb=用户已经在于Couch DB中
 users.not.in.couchdb=用户不存在于Couch DB中
 use.selection.of.this.subproject=使用这个子项目的选择
 valid.for.projects=对项目有效
+vcs=VCS
+vcs.version.control.system=VCS (Version Control System)
 vender=供应商
 vendor=供应商
 vendor.advisories=供应商建议
@@ -1433,12 +1517,14 @@ VerificationState-INCORRECT=已经决定驳回验证。
 VerificationState-NOT_CHECKED=还没有人看过并验证过。
 version=版本
 very.large=非常大
+via.purl=via PURL
 view.clearing.request=查看明确请求
 view.clearing.request.failure.message=我们无法在数据库中找到项目 <b data-name="projectName"></b><br> 的明确请求 [ID: <b data-name="crId"></b>]。请稍后再试。
 view.by.releases=按发行版本查看
 view.change.logs=查看更改日志
 view.file.list=查看文件列表
 view.obligations=查看义务
+view.sbom.import.result=View SBOM import result
 view.scanner.findings.license=查看扫描器结果（许可证）
 visibility=可视性
 Visibility=Private：仅创建者（以及拥有所有可见性级别的管理员）可见 &#10Me and Moderators：创建者和审核者可见 &#10Group and Moderators：同一组的所有用户和审核者可见 &#10Everyone：所有用户可见
@@ -1466,12 +1552,14 @@ whitesource.organization.api.key=Whitesource组织API key
 whitesource.user.key=Whitesource用户key
 with.attachments=带附件
 with.cli.attachments=带CLI附件
+with.file.error=with fileError
 without.attachments=没有附件
 without.source.attachments=没有源附件
 wiki=Wiki
 wiki.url=Wiki URL
 will.be.fulfilled.before.release=将在发布前完成
 will.be.set.automatically=将自动设置
+will.not.be.created.if.it.does.not.contain=will not be created if it does not contain
 write.access=写权限
 wsimport=wsimport
 x.rows.selected=%d行已选择
@@ -1482,6 +1570,7 @@ you.are.removed.from.the.list.of.moderators.for.the.previous.moderation.request=
 you.are.signed.in.please.go.ahead.using.sw360=已登录，请继续使用SW360！
 you.are.the.last.moderator.for.this.request.you.are.not.allowed.to.unsubscribe=您是此请求的最后一个审核者 - 您不能退订。
 you.do.not.have.any.open.moderation.requests=没有任何开放的审核请求。
+you.do.not.have.permission.to.import.or.export.the.sbom=You do not have permission to import or export the SBOM
 you.do.not.own.any.components=不拥有任何组件。
 you.do.not.own.any.projects=不拥有任何项目。
 you.have.accepted.the.previous.moderation.request=已接受之前的审核请求。
@@ -1697,4 +1786,13 @@ vulnerability.cve.year = CVE Year
 vulnerability.cve.number = CVE Number
 
 cve.year.must.be.greater.than.0 = Cve Year Must Greater Than 0
-cve.number.must.be.positive.number = Cve Number Must Be Positive Number
\ No newline at end of file
+cve.number.must.be.positive.number = Cve Number Must Be Positive Number
+
+## CycloneDX Component Type
+application=Application
+container=Container
+device=Device
+firmware=Firmware
+framework=Framework
+library=Library
+operating.system=Operating System
diff --git a/frontend/sw360-portlet/src/main/resources/org/eclipse/sw360/portal/portlets/base.properties b/frontend/sw360-portlet/src/main/resources/org/eclipse/sw360/portal/portlets/base.properties
index ad9e6e69ac..2c62ad83da 100644
--- a/frontend/sw360-portlet/src/main/resources/org/eclipse/sw360/portal/portlets/base.properties
+++ b/frontend/sw360-portlet/src/main/resources/org/eclipse/sw360/portal/portlets/base.properties
@@ -12,6 +12,8 @@ com.liferay.portlet.css-class-wrapper=sw360-portlet
 com.liferay.portlet.header-portlet-css=/css/main.css
 com.liferay.portlet.instanceable=false
 
+javax.portlet.version=3.0.1
+service=javax.portlet.Portlet.class
 javax.portlet.portlet-mode=text/html;view,
 javax.portlet.expiration-cache=0,
 javax.portlet.init-param.copy-request-parameters=false
diff --git a/frontend/sw360-portlet/src/main/resources/sw360.properties b/frontend/sw360-portlet/src/main/resources/sw360.properties
index 30a63116b1..bf8340dea9 100644
--- a/frontend/sw360-portlet/src/main/resources/sw360.properties
+++ b/frontend/sw360-portlet/src/main/resources/sw360.properties
@@ -244,3 +244,15 @@ enable.security.vulnerability.monitoring=false
 
 ## This property is used to enable the tab SPDX Document feature.
 #spdx.document.enabled = false
+
+## This property is used to control the user role for SBOM import and export.
+#sbom.import.export.access.usergroup=USER
+
+## This property is used to set the tool name in exported CycloneDx SBOM
+#sw360.tool.name = SW360
+
+## This property is used to set the tool name in exported CycloneDx SBOM
+#sw360.tool.vendor = Eclipse Foundation
+
+## This property is used to get the version of SW360 automatically from pom.xml of datahandler module.
+#datahandler.pom.file.path=/META-INF/maven/org.eclipse.sw360/datahandler/pom.xml
diff --git a/libraries/datahandler/pom.xml b/libraries/datahandler/pom.xml
index de8fa8d4a0..5038c230b9 100644
--- a/libraries/datahandler/pom.xml
+++ b/libraries/datahandler/pom.xml
@@ -273,6 +273,10 @@
             <groupId>com.tngtech.java</groupId>
             <artifactId>junit-dataprovider</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-model</artifactId>
+        </dependency>
     </dependencies>
 
 </project>
\ No newline at end of file
diff --git a/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Constants.java b/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Constants.java
index 2d95261136..83c8edb144 100644
--- a/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Constants.java
+++ b/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Constants.java
@@ -52,6 +52,14 @@ public class SW360Constants {
     public static final String SUCCESS = "success";
     public static final String FAILURE = "failure";
     public static final String MESSAGE = "message";
+    public static final String NULL_STRING = "null";
+    public static final String PACKAGE_URL = "package-url";
+    public static final String PURL_ID = "purl.id";
+    public static final String XML_FILE_EXTENSION = "xml";
+    public static final String JSON_FILE_EXTENSION = "json";
+    public static final String PROJECT_IDS = "projectIds";
+    public static final String RELEASE_IDS = "releaseIds";
+
     // Proper values of the "type" member to deserialize to CouchDB
     public static final String TYPE_OBLIGATION = "obligation";
     public static final String TYPE_OBLIGATIONS = "obligations";
@@ -86,6 +94,10 @@ public class SW360Constants {
     public static final String SVM_SHORT_STATUS;
     public static final String SVM_SHORT_STATUS_KEY;
     public static final String SVM_SCHEDULER_EMAIL;
+    public static final String DATA_HANDLER_POM_FILE_PATH;
+    public static final String TOOL_NAME;
+    public static final String TOOL_VENDOR;
+    public static final UserGroup SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE;
 
     /**
      * Hashmap containing the name field for each type.
@@ -178,6 +190,10 @@ private SW360Constants() {
         SVM_SCHEDULER_EMAIL = props.getProperty("svm.scheduler.email", "");
         SVM_MONITORINGLIST_ID = props.getProperty("svm.monitoringlist.id", "");
         SPDX_DOCUMENT_ENABLED = Boolean.parseBoolean(props.getProperty("spdx.document.enabled", "false"));
+        DATA_HANDLER_POM_FILE_PATH = props.getProperty("datahandler.pom.file.path", "/META-INF/maven/org.eclipse.sw360/datahandler/pom.xml");
+        TOOL_NAME = props.getProperty("sw360.tool.name", "SW360");
+        TOOL_VENDOR = props.getProperty("sw360.tool.vendor", "Eclipse Foundation");
+        SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE = UserGroup.valueOf(props.getProperty("sbom.import.export.access.usergroup", UserGroup.USER.name()));
     }
 
     private static Map.Entry<String, String> pair(TFieldIdEnum field, String displayName){
diff --git a/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Utils.java b/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Utils.java
index a446048770..1e41853d97 100644
--- a/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Utils.java
+++ b/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Utils.java
@@ -37,22 +37,23 @@
 import org.eclipse.sw360.datahandler.thrift.users.RequestedAction;
 import org.eclipse.sw360.datahandler.thrift.users.User;
 import org.eclipse.sw360.datahandler.thrift.users.UserGroup;
-import org.eclipse.sw360.datahandler.thrift.users.UserService;
 import org.eclipse.sw360.datahandler.thrift.vendors.Vendor;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.ReleaseVulnerabilityRelation;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability;
 import org.eclipse.sw360.datahandler.thrift.spdx.spdxdocument.SPDXDocument;
 import org.eclipse.sw360.datahandler.thrift.spdx.documentcreationinformation.DocumentCreationInformation;
 import org.eclipse.sw360.datahandler.thrift.spdx.spdxpackageinfo.PackageInformation;
-import org.apache.commons.lang.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.maven.model.Model;
+import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
 import org.apache.thrift.TEnum;
 import org.apache.thrift.TException;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.VulnerabilityService;
 import org.jetbrains.annotations.NotNull;
 
 import java.io.IOException;
+import java.io.InputStreamReader;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.time.LocalDate;
@@ -348,6 +349,29 @@ public static String printFullname(User user) {
         return sb.toString();
     }
 
+    public static boolean isUserAtleastDesiredRoleInPrimaryOrSecondaryGroup(User user, UserGroup userGroup) {
+        if (PermissionUtils.isUserAtLeast(userGroup, user)) {
+            return true;
+        }
+        if (CommonUtils.isNullOrEmptyMap(user.getSecondaryDepartmentsAndRoles())) {
+            return false;
+        }
+        return (PermissionUtils.isUserAtLeastDesiredRoleInSecondaryGroup(userGroup,
+                user.getSecondaryDepartmentsAndRoles().values().stream().flatMap(Set::stream).collect(Collectors.toSet())));
+    }
+
+    public static String getSW360Version() {
+        final MavenXpp3Reader reader = new MavenXpp3Reader();
+        try (InputStreamReader iStreamReader = new InputStreamReader(
+                SW360Utils.class.getResourceAsStream(SW360Constants.DATA_HANDLER_POM_FILE_PATH))) {
+            Model model = reader.read(iStreamReader);
+            return model.getVersion();
+        } catch (Exception e) {
+            log.error("Error while getting SW360 version information: "+ e);
+            return SW360Constants.NA;
+        }
+    }
+
     public static Collection<ProjectLink> getLinkedProjects(Project project, boolean deep, ThriftClients thriftClients, Logger log, User user) {
         if (project != null) {
             try {
@@ -374,6 +398,26 @@ public static Collection<ProjectLink> getLinkedProjects(String id, boolean deep,
         return Collections.emptyList();
     }
 
+    public static Set<String> getLinkedReleaseIdsOfAllSubProjectsAsFlatList(Project project, Set<String> projectIds, Set<String> releaseIds, ProjectService.Iface client, User user) {
+        for (String projId : CommonUtils.getNullToEmptyKeyset(project.getLinkedProjects())) {
+            if (!projectIds.contains(projId)) {
+                try {
+                    projectIds.add(projId);
+                    project = client.getProjectById(projId, user);
+                    if (project.getReleaseIdToUsageSize() > 0) {
+                        releaseIds.addAll(project.getReleaseIdToUsage().keySet());
+                    }
+                    if (project.getLinkedProjectsSize() > 0) {
+                        getLinkedReleaseIdsOfAllSubProjectsAsFlatList(project, projectIds, releaseIds, client, user);
+                    }
+                } catch (TException e) {
+                    log.error("Could not get linked projects while exporting SBOM: ", e);
+                }
+            }
+        }
+        return releaseIds;
+    }
+
     public static Collection<ProjectLink> getLinkedProjectsAsFlatList(Project project, boolean deep, ThriftClients thriftClients, Logger log, User user) {
         return flattenProjectLinkTree(getLinkedProjects(project, deep, thriftClients, log, user));
     }
diff --git a/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/ThriftEnumUtils.java b/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/ThriftEnumUtils.java
index e1b94290ff..305f90b32c 100644
--- a/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/ThriftEnumUtils.java
+++ b/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/ThriftEnumUtils.java
@@ -359,6 +359,17 @@ private ThriftEnumUtils() {
             .put(UserAccess.READ_WRITE, "Read and Write")
             .build();
 
+    private static final ImmutableMap<CycloneDxComponentType, String> MAP_CYCLONE_DX_COMPONENT_TYPE_STRING = ImmutableMap.<CycloneDxComponentType, String>builder()
+            .put(CycloneDxComponentType.APPLICATION, "Application")
+            .put(CycloneDxComponentType.CONTAINER, "Container")
+            .put(CycloneDxComponentType.DEVICE, "Device")
+            .put(CycloneDxComponentType.FILE, "File")
+            .put(CycloneDxComponentType.FIRMWARE, "Firmware")
+            .put(CycloneDxComponentType.FRAMEWORK, "Framework")
+            .put(CycloneDxComponentType.LIBRARY, "Library")
+            .put(CycloneDxComponentType.OPERATING_SYSTEM, "Operating System")
+            .build();
+
     public static final ImmutableMap<Class<? extends TEnum>, Map<? extends TEnum, String>>
             MAP_ENUMTYPE_MAP = ImmutableMap.<Class<? extends TEnum>, Map<? extends TEnum, String>>builder()
             .put(ComponentType.class, MAP_COMPONENT_TYPE_STRING)
@@ -395,6 +406,7 @@ private ThriftEnumUtils() {
             .put(ObligationType.class, MAP_OBLIGATION_TYPE_STRING)
             .put(ClearingRequestPriority.class, MAP_CLEARING_REQUEST_PRIORITY_STRING)
             .put(UserAccess.class, MAP_USER_ACCESS_STRING)
+            .put(CycloneDxComponentType.class, MAP_CYCLONE_DX_COMPONENT_TYPE_STRING)
             .build();
 
     public static String enumToString(TEnum value) {
@@ -413,7 +425,8 @@ public static  <T extends Enum<T>> T  stringToEnum(String in, Class<T> clazz){
 
          return null;
      }
-    public static  <T extends Enum<T>> T  enumByString(String in, Class<T> clazz){
+
+     public static  <T extends Enum<T>> T  enumByString(String in, Class<T> clazz){
         Map<? extends TEnum, String> map = MAP_ENUMTYPE_MAP.get(clazz);
         for (T t : clazz.getEnumConstants()) {
             if(map.get(t).equals(in)) return t;
diff --git a/libraries/datahandler/src/main/thrift/components.thrift b/libraries/datahandler/src/main/thrift/components.thrift
index ed264a1a0c..b43ea45416 100644
--- a/libraries/datahandler/src/main/thrift/components.thrift
+++ b/libraries/datahandler/src/main/thrift/components.thrift
@@ -17,6 +17,7 @@ include "licenses.thrift"
 namespace java org.eclipse.sw360.datahandler.thrift.components
 namespace php sw360.thrift.components
 
+typedef sw360.CycloneDxComponentType CycloneDxComponentType
 typedef sw360.RequestStatus RequestStatus
 typedef sw360.RequestSummary RequestSummary
 typedef sw360.AddDocumentRequestSummary AddDocumentRequestSummary
@@ -320,6 +321,7 @@ struct Component {
     30: optional map<string,set<string>> roles, //customized roles with set of mail addresses
     80: optional Visibility visbility = sw360.Visibility.EVERYONE,
     81: optional string businessUnit,
+    82: optional CycloneDxComponentType cdxComponentType, // required field in CycloneDX specifications
 
     // information from external data sources
     31: optional  map<string, string> externalIds,
diff --git a/libraries/datahandler/src/main/thrift/projects.thrift b/libraries/datahandler/src/main/thrift/projects.thrift
index 5950f08464..5547ed8ba8 100644
--- a/libraries/datahandler/src/main/thrift/projects.thrift
+++ b/libraries/datahandler/src/main/thrift/projects.thrift
@@ -501,6 +501,21 @@ service ProjectService {
      **/
     RequestSummary importBomFromAttachmentContent(1: User user, 2:string attachmentContentId);
 
+    /**
+     * Parse a CycloneDx SBoM file (XML or JSON) and write the information to SW360 as Project / Component / Release
+     */
+    RequestSummary importCycloneDxFromAttachmentContent(1: User user, 2: string attachmentContentId, 3: string projectId) throws (1: SW360Exception exp);
+
+    /**
+     * Export a CycloneDx SBoM file (XML or JSON) for a Project
+     */
+    RequestSummary exportCycloneDxSbom(1: string projectId, 2: string bomType, 3: bool includeSubProjReleases, 4: User user) throws (1: SW360Exception exp);
+
+    /**
+     * Get the SBOM import statistics information from attachment as String (JSON formatted)
+     */
+    string getSbomImportInfoFromAttachmentAsString(string attachmentContentId) throws (1: SW360Exception exp);
+
     /**
      * create clearing request for project
      */
diff --git a/libraries/datahandler/src/main/thrift/sw360.thrift b/libraries/datahandler/src/main/thrift/sw360.thrift
index 8d429cc832..21b2598d27 100644
--- a/libraries/datahandler/src/main/thrift/sw360.thrift
+++ b/libraries/datahandler/src/main/thrift/sw360.thrift
@@ -152,6 +152,17 @@ enum ClearingReportStatus {
     DOWNLOAD = 2
 }
 
+enum CycloneDxComponentType {
+    APPLICATION = 0,
+    CONTAINER = 1,
+    DEVICE = 2,
+    FILE = 3,
+    FIRMWARE = 4,
+    FRAMEWORK = 5,
+    LIBRARY = 6,
+    OPERATING_SYSTEM = 7,
+}
+
 struct ConfigContainer {
     1: optional string id,
     2: optional string revision,
diff --git a/pom.xml b/pom.xml
index a482cff771..455444a3b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -138,7 +138,7 @@
     <okhttp.version>4.10.0</okhttp.version>
     <org.spdx.java.spdx.library.version>1.1.1</org.spdx.java.spdx.library.version>
     <org.spdx.tools.java.version>1.1.5</org.spdx.tools.java.version>
-    <package-url.version>1.1.1</package-url.version>
+    <package-url.version>1.4.1</package-url.version>
     <poi.version>4.1.2</poi.version>
     <project-lombok.version>1.18.24</project-lombok.version>
     <require.js.version>2.3.6</require.js.version>
@@ -310,6 +310,16 @@
         <artifactId>jakarta.xml.bind-api</artifactId>
         <version>${jakarta-xml-bind.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.cyclonedx</groupId>
+        <artifactId>cyclonedx-core-java</artifactId>
+        <version>7.3.2</version>
+      </dependency>
+      <dependency>
+          <groupId>org.apache.maven</groupId>
+          <artifactId>maven-model</artifactId>
+          <version>3.9.2</version>
+      </dependency>
       <!-- Runtime, com.sun.xml.bind module: java 11 compatibility  -->
       <dependency>
         <groupId>org.glassfish.jaxb</groupId>
diff --git a/rest/resource-server/src/docs/asciidoc/projects.adoc b/rest/resource-server/src/docs/asciidoc/projects.adoc
index 6f93810f29..ec364022eb 100644
--- a/rest/resource-server/src/docs/asciidoc/projects.adoc
+++ b/rest/resource-server/src/docs/asciidoc/projects.adoc
@@ -621,9 +621,9 @@ include::{snippets}/should_document_update_project_vulnerabilities/links.adoc[]
 [[resources-import-sbom]]
 ==== Import SBOM
 
-A `POST` request is used to import SBOM in SPDX format.
+A `POST` request is used to import a SBOM. Only SPDX and CycloneDX files are accepted.
 
-[red]#Request parameters#
+[red]#Request parameter#
 |===
 |Parameter |Description
 
@@ -631,7 +631,7 @@ A `POST` request is used to import SBOM in SPDX format.
 |File type of SBOM
 |===
 
-[red]#Request structure#
+[red]#Request body#
 |===
 Type |Description
 
@@ -639,17 +639,46 @@ Type |Description
 |Path of the SBOM file
 |===
 
+[red]#Response structure#
+|===
+|Complete Project will be returned
+|===
+
+===== Example request 1
+include::{snippets}/should_document_import_spdx/curl-request.adoc[]
+
+===== Example response 1
+include::{snippets}/should_document_import_spdx/http-response.adoc[]
+
+===== Example request 2
+include::{snippets}/should_document_import_cyclonedx/curl-request.adoc[]
+
+===== Example response 2
+include::{snippets}/should_document_import_cyclonedx/http-response.adoc[]
+
+[[resources-import-sbom-on-project]]
+==== Import SBOM on project
+
+A `POST` request is used to import a SBOM on a project. Currently only CycloneDX(.xml/.json) files are supported.
+
+[red]#Request body#
+|===
+Type |Description
+
+|file
+|Path of the SBOM file
+|===
 
 [red]#Response structure#
 |===
 |Complete Project will be returned
 |===
 
-===== Example request
-include::{snippets}/should_document_import_sbom/curl-request.adoc[]
+===== Example request 1
+include::{snippets}/should_document_import_cyclonedx_on_project/curl-request.adoc[]
 
-===== Example response
-include::{snippets}/should_document_import_sbom/http-response.adoc[]
+===== Example response 1
+include::{snippets}/should_document_import_cyclonedx_on_project/http-response.adoc[]
 
 [[resources-project-getprojectcount]]
 ==== Get project count of a user
diff --git a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/JacksonCustomizations.java b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/JacksonCustomizations.java
index ee7b59975a..68dab865b8 100644
--- a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/JacksonCustomizations.java
+++ b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/JacksonCustomizations.java
@@ -107,6 +107,7 @@ public Sw360Module() {
 
         @JsonInclude(JsonInclude.Include.NON_NULL)
         static abstract class MultiStatusMixin extends MultiStatus {
+            @Override
             @JsonProperty("status")
             abstract public int getStatusCode();
         }
@@ -390,7 +391,9 @@ static abstract class UserMixin extends User {
                 "setAdditionalData",
                 "setModifiedOn",
                 "setModifiedBy",
-                "modifiedBy"
+                "modifiedBy",
+                "cdxComponentType",
+                "setCdxComponentType"
         })
         static abstract class ComponentMixin extends Component {
             @Override
diff --git a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java
index 02f7128686..483375e0a3 100644
--- a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java
+++ b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java
@@ -17,6 +17,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
+import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 
 import lombok.NonNull;
@@ -43,7 +44,6 @@
 import org.eclipse.sw360.datahandler.thrift.RequestSummary;
 import org.eclipse.sw360.datahandler.thrift.SW360Exception;
 import org.eclipse.sw360.datahandler.thrift.Source;
-import org.eclipse.sw360.datahandler.thrift.ThriftClients;
 import org.eclipse.sw360.datahandler.thrift.attachments.Attachment;
 import org.eclipse.sw360.datahandler.thrift.attachments.AttachmentContent;
 import org.eclipse.sw360.datahandler.thrift.attachments.AttachmentType;
@@ -62,7 +62,6 @@
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectClearingState;
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectLink;
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectProjectRelationship;
-import org.eclipse.sw360.datahandler.thrift.projects.ProjectService;
 import org.eclipse.sw360.datahandler.thrift.users.User;
 import org.eclipse.sw360.datahandler.thrift.vendors.Vendor;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.ProjectVulnerabilityRating;
@@ -1033,36 +1032,88 @@ public ResponseEntity<CollectionModel<EntityModel<Project>>> getUsedByProjectDet
     @PreAuthorize("hasAuthority('WRITE')")
     @RequestMapping(value = PROJECTS_URL + "/import/SBOM", method = RequestMethod.POST, consumes = {MediaType.MULTIPART_FORM_DATA_VALUE})
     public ResponseEntity<?> importSBOM(@RequestParam(value = "type", required = true) String type,
-                                                  @RequestBody MultipartFile file) throws TException {
+            @RequestBody MultipartFile file) throws TException {
         final User sw360User = restControllerHelper.getSw360UserFromAuthentication();
         Attachment attachment = null;
         final RequestSummary requestSummary;
-        if (!type.equalsIgnoreCase("SPDX")) {
-            return new ResponseEntity<String>("Invalid SBOM file type. It currently only supports SPDX(.rdf/.xml) files.",
+        String projectId = null;
+        Map<String, String> messageMap = new HashMap<>();
+
+        if (!(type.equalsIgnoreCase("SPDX") || type.equalsIgnoreCase("CycloneDX"))) {
+            return new ResponseEntity<String>("Invalid SBOM file type. Only SPDX(.rdf/.xml) and CycloneDX(.json/.xml) files are supported.",
                     HttpStatus.BAD_REQUEST);
         }
+
         try {
             attachment = attachmentService.uploadAttachment(file, new Attachment(), sw360User);
-            try {
-                requestSummary = projectService.importSBOM(sw360User, attachment.getAttachmentContentId());
-            } catch (Exception e) {
-                log.error("Failed to import SBOM", e.getMessage());
-                throw new RuntimeException(e.getMessage());
+        } catch (IOException e) {
+            log.error("failed to upload attachment", e);
+            throw new RuntimeException("failed to upload attachment", e);
+        }
+
+        if (type.equalsIgnoreCase("SPDX")) {
+            requestSummary = projectService.importSPDX(sw360User, attachment.getAttachmentContentId());
+
+            if (!(requestSummary.getRequestStatus() == RequestStatus.SUCCESS)) {
+                return new ResponseEntity<String>(requestSummary.getMessage(), HttpStatus.BAD_REQUEST);
+            }
+            projectId = requestSummary.getMessage();
+        } else {
+            requestSummary = projectService.importCycloneDX(sw360User, attachment.getAttachmentContentId(), "");
+
+            if (requestSummary.getRequestStatus() == RequestStatus.FAILURE) {
+                return new ResponseEntity<String>(requestSummary.getMessage(), HttpStatus.BAD_REQUEST);
             }
+            String jsonMessage = requestSummary.getMessage();
+            messageMap = new Gson().fromJson(jsonMessage, Map.class);
+            projectId = messageMap.get("projectId");
+
+            if (requestSummary.getRequestStatus() == RequestStatus.DUPLICATE) {
+                return new ResponseEntity<String>("A project with same name and version already exists. The projectId is: "
+                        + projectId, HttpStatus.CONFLICT);
+            }
+        }
+
+        Project project = projectService.getProjectForUserById(projectId, sw360User);
+        HalResource<Project> halResource = createHalProject(project, sw360User);
+        return new ResponseEntity<HalResource<Project>>(halResource, HttpStatus.OK);
+    }
+
+    @PreAuthorize("hasAuthority('WRITE')")
+    @RequestMapping(value = PROJECTS_URL + "/{id}/import/SBOM", method = RequestMethod.POST, consumes = {MediaType.MULTIPART_FORM_DATA_VALUE})
+    public ResponseEntity<?> importSBOMonProject(@PathVariable(value = "id", required = true) String id,
+                                                  @RequestBody MultipartFile file) throws TException {
+        final User sw360User = restControllerHelper.getSw360UserFromAuthentication();
+        Attachment attachment = null;
+        final RequestSummary requestSummary;
+        String projectId = null;
+        Map<String, String> messageMap = new HashMap<>();
+
+        try {
+            attachment = attachmentService.uploadAttachment(file, new Attachment(), sw360User);
         } catch (IOException e) {
             log.error("failed to upload attachment", e);
             throw new RuntimeException("failed to upload attachment", e);
         }
 
-        String projectId = requestSummary.getMessage();
+        requestSummary = projectService.importCycloneDX(sw360User, attachment.getAttachmentContentId(), id);
 
-        if (!(requestSummary.requestStatus == RequestStatus.SUCCESS && CommonUtils.isNotNullEmptyOrWhitespace(projectId))) {
-            return new ResponseEntity<String>("Invalid SBOM file", HttpStatus.BAD_REQUEST);
+        if (requestSummary.getRequestStatus() == RequestStatus.FAILURE) {
+            return new ResponseEntity<String>(requestSummary.getMessage(), HttpStatus.BAD_REQUEST);
         }
+        String jsonMessage = requestSummary.getMessage();
+        messageMap = new Gson().fromJson(jsonMessage, Map.class);
+        projectId = messageMap.get("projectId");
+
+        if (requestSummary.getRequestStatus() == RequestStatus.DUPLICATE) {
+            return new ResponseEntity<String>(
+                    "A project with same name and version already exists. The projectId is: " + projectId,
+                    HttpStatus.CONFLICT);
+        }
+
         Project project = projectService.getProjectForUserById(projectId, sw360User);
-        HttpStatus status = HttpStatus.OK;
         HalResource<Project> halResource = createHalProject(project, sw360User);
-        return new ResponseEntity<HalResource<Project>>(halResource, status);
+        return new ResponseEntity<HalResource<Project>>(halResource, HttpStatus.OK);
     }
 
     @Override
diff --git a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/Sw360ProjectService.java b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/Sw360ProjectService.java
index b499d1037f..f1a551a4a8 100644
--- a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/Sw360ProjectService.java
+++ b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/Sw360ProjectService.java
@@ -484,14 +484,26 @@ public int getMyAccessibleProjectCounts(User sw360User) throws TException {
     }
 
     /**
-     * Import SBOM using the method on the thrift client.
+     * Import SPDX SBOM using the method on the thrift client.
      * @param user                User uploading the SBOM
      * @param attachmentContentId Id of the attachment uploaded
      * @return RequestSummary
      * @throws TException
      */
-    public RequestSummary importSBOM(User user, String attachmentContentId) throws TException {
+    public RequestSummary importSPDX(User user, String attachmentContentId) throws TException {
         ProjectService.Iface sw360ProjectClient = getThriftProjectClient();
         return sw360ProjectClient.importBomFromAttachmentContent(user, attachmentContentId);
     }
+
+    /**
+     * Import CycloneDX SBOM using the method on the thrift client.
+     * @param user                User uploading the SBOM
+     * @param attachmentContentId Id of the attachment uploaded
+     * @return RequestSummary
+     * @throws TException
+     */
+    public RequestSummary importCycloneDX(User user, String attachmentContentId, String projectId) throws TException {
+        ProjectService.Iface sw360ProjectClient = getThriftProjectClient();
+        return sw360ProjectClient.importCycloneDxFromAttachmentContent(user, attachmentContentId, CommonUtils.nullToEmptyString(projectId));
+    }
 }
diff --git a/rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ProjectSpecTest.java b/rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ProjectSpecTest.java
index c6c1204433..32527de37e 100644
--- a/rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ProjectSpecTest.java
+++ b/rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ProjectSpecTest.java
@@ -141,12 +141,8 @@ public class ProjectSpecTest extends TestRestDocsSpecBase {
     private SW360ReportService sw360ReportServiceMock;
 
     private Project project;
-    private Project sBOMProject;
     private Set<Project> projectList = new HashSet<>();
     private Attachment attachment;
-    private Attachment sBOMAttachment;
-    private RequestSummary requestSummary = new RequestSummary();
-
 
     @Before
     public void before() throws TException, IOException {
@@ -303,34 +299,58 @@ public void before() throws TException, IOException {
         Set<String> releaseIds = new HashSet<>(Collections.singletonList("3765276512"));
         Set<String> releaseIdsTransitive = new HashSet<>(Arrays.asList("3765276512", "5578999"));
 
-        sBOMAttachment = new Attachment("3331231254", "bom.spdx.rdf");
-        sBOMAttachment.setSha1("df903e491d3863477568896089ee9457bc316183");
-        sBOMAttachment.setAttachmentType(AttachmentType.SBOM);
-        Set<Attachment> sbomSet = new HashSet<>();
-        sbomSet.add(sBOMAttachment);
-
-        sBOMProject = new Project();
-        sBOMProject.setId("333655");
-        sBOMProject.setName("Green Web");
-        sBOMProject.setVersion("1.0.1");
-        sBOMProject.setCreatedOn("2022-11-13");
-        sBOMProject.setBusinessUnit("sw360 BA");
-        sBOMProject.setState(ProjectState.ACTIVE);
-        sBOMProject.setClearingState(ProjectClearingState.OPEN);
-        sBOMProject.setProjectType(ProjectType.PRODUCT);
-        sBOMProject.setCreatedBy("admin@sw360.org");
-        sBOMProject.setAttachments(sbomSet);
-
-        requestSummary.setMessage(sBOMProject.getId());
-        requestSummary.setRequestStatus(RequestStatus.SUCCESS);
-
-        given(this.projectServiceMock.importSBOM(any(),any())).willReturn(requestSummary);
+        Attachment SPDXAttachment = new Attachment("3331231254", "bom.spdx.rdf");
+        SPDXAttachment.setSha1("df903e491d3863477568896089ee9457bc316183");
+        SPDXAttachment.setAttachmentType(AttachmentType.SBOM);
+        Set<Attachment> spdxSet = new HashSet<>();
+        spdxSet.add(SPDXAttachment);
+
+        Attachment CycloneDXAttachment = new Attachment("3331111231254", "sampleBOM.xml");
+        CycloneDXAttachment.setSha1("df3e491d3863477568896089ee9457bc316183");
+        CycloneDXAttachment.setAttachmentType(AttachmentType.SBOM);
+        Set<Attachment> cyclonedxSet = new HashSet<>();
+        cyclonedxSet.add(CycloneDXAttachment);
+
+        Project SPDXProject = new Project();
+        SPDXProject.setId("333655");
+        SPDXProject.setName("Green Web");
+        SPDXProject.setVersion("1.0.1");
+        SPDXProject.setCreatedOn("2022-11-13");
+        SPDXProject.setBusinessUnit("sw360 BA");
+        SPDXProject.setState(ProjectState.ACTIVE);
+        SPDXProject.setClearingState(ProjectClearingState.OPEN);
+        SPDXProject.setProjectType(ProjectType.PRODUCT);
+        SPDXProject.setCreatedBy("admin@sw360.org");
+        SPDXProject.setAttachments(spdxSet);
+
+        Project cycloneDXProject = new Project();
+        cycloneDXProject.setId("3336565435");
+        cycloneDXProject.setName("Azure Web");
+        cycloneDXProject.setVersion("1.0.2");
+        cycloneDXProject.setCreatedOn("2022-11-13");
+        cycloneDXProject.setBusinessUnit("sw360 BA");
+        cycloneDXProject.setState(ProjectState.ACTIVE);
+        cycloneDXProject.setClearingState(ProjectClearingState.OPEN);
+        cycloneDXProject.setProjectType(ProjectType.PRODUCT);
+        cycloneDXProject.setCreatedBy("admin@sw360.org");
+        cycloneDXProject.setAttachments(cyclonedxSet);
+
+        RequestSummary requestSummaryForSPDX = new RequestSummary();
+        requestSummaryForSPDX.setMessage(SPDXProject.getId());
+        requestSummaryForSPDX.setRequestStatus(RequestStatus.SUCCESS);
+
+        RequestSummary requestSummaryForCycloneDX = new RequestSummary();
+        requestSummaryForCycloneDX.setMessage("{\"projectId\":\"" + cycloneDXProject.getId() + "\"}");
+
+        given(this.projectServiceMock.importSPDX(any(),any())).willReturn(requestSummaryForSPDX);
+        given(this.projectServiceMock.importCycloneDX(any(),any(),any())).willReturn(requestSummaryForCycloneDX);
         given(this.sw360ReportServiceMock.getProjectBuffer(any(),anyBoolean())).willReturn(ByteBuffer.allocate(10000));
         given(this.projectServiceMock.getProjectsForUser(any(), any())).willReturn(projectList);
         given(this.projectServiceMock.getProjectForUserById(eq(project.getId()), any())).willReturn(project);
         given(this.projectServiceMock.getProjectForUserById(eq(project2.getId()), any())).willReturn(project2);
         given(this.projectServiceMock.getProjectForUserById(eq(projectForAtt.getId()), any())).willReturn(projectForAtt);
-        given(this.projectServiceMock.getProjectForUserById(eq(sBOMProject.getId()), any())).willReturn(sBOMProject);
+        given(this.projectServiceMock.getProjectForUserById(eq(SPDXProject.getId()), any())).willReturn(SPDXProject);
+        given(this.projectServiceMock.getProjectForUserById(eq(cycloneDXProject.getId()), any())).willReturn(cycloneDXProject);
         given(this.projectServiceMock.searchLinkingProjects(eq(project.getId()), any())).willReturn(usedByProjectList);
         given(this.projectServiceMock.searchProjectByName(eq(project.getName()), any())).willReturn(projectListByName);
         given(this.projectServiceMock.searchProjectByTag(any(), any())).willReturn(new ArrayList<Project>(projectList));
@@ -1675,7 +1695,7 @@ public void should_document_get_my_projects() throws Exception {
     }
 
     @Test
-    public void should_document_import_sbom() throws Exception {
+    public void should_document_import_spdx() throws Exception {
         MockMultipartFile file = new MockMultipartFile("file","file=@/bom.spdx.rdf".getBytes());
         String accessToken = TestHelper.getAccessToken(mockMvc, testUserId, testUserPassword);
         MockHttpServletRequestBuilder builder = MockMvcRequestBuilders.post("/api/projects/import/SBOM")
@@ -1700,7 +1720,7 @@ public void should_document_get_project_count() throws Exception {
                                fieldWithPath("count").description("Count of projects for a user.").optional()
                        )));
     }
-    
+
     @Test
     public void should_document_create_summary_administration() throws Exception {
         String accessToken = TestHelper.getAccessToken(mockMvc, testUserId, testUserPassword);
@@ -1774,7 +1794,7 @@ public void should_document_get_project_report() throws Exception{
                                 )
                         ));
     }
-    
+
     @Test
     public void should_document_get_project_report_without_mail_req() throws Exception{
         String accessToken = TestHelper.getAccessToken(mockMvc, testUserId, testUserPassword);
@@ -1792,4 +1812,27 @@ public void should_document_get_project_report_without_mail_req() throws Excepti
                                 parameterWithName("mailrequest").description("Downloading project report requirted mail link. Possible values are `<true|false>`")
                         )));
     }
+
+    @Test
+    public void should_document_import_cyclonedx() throws Exception {
+        MockMultipartFile file = new MockMultipartFile("file","file=@/sampleBOM.xml".getBytes());
+        String accessToken = TestHelper.getAccessToken(mockMvc, testUserId, testUserPassword);
+        MockHttpServletRequestBuilder builder = MockMvcRequestBuilders.post("/api/projects/import/SBOM")
+                .content(file.getBytes())
+                .contentType(MediaType.MULTIPART_FORM_DATA)
+                .header("Authorization", "Bearer " + accessToken)
+                .queryParam("type", "CycloneDX");
+        this.mockMvc.perform(builder).andExpect(status().isOk()).andDo(this.documentationHandler.document());
+    }
+
+    @Test
+    public void should_document_import_cyclonedx_on_project() throws Exception {
+        MockMultipartFile file = new MockMultipartFile("file","file=@/sampleBOM.xml".getBytes());
+        String accessToken = TestHelper.getAccessToken(mockMvc, testUserId, testUserPassword);
+        MockHttpServletRequestBuilder builder = MockMvcRequestBuilders.post("/api/projects/"+project.getId()+"/import/SBOM")
+                .content(file.getBytes())
+                .contentType(MediaType.MULTIPART_FORM_DATA)
+                .header("Authorization", "Bearer " + accessToken);
+        this.mockMvc.perform(builder).andExpect(status().isOk()).andDo(this.documentationHandler.document());
+    }
 }