SBOM

An SBOM provides details of a version by encapsulating its -

Metadata such as time of creation and tool used to create SBOM
List of components included in the version
Relationship among components
Licenses associated with components
Optional Vulnerabilities associated with components
Optional State of vulnerability exploitability associated with vulnerabilities

A Version may have multiple SBOMs associated with it.

This happens when the first SBOM associated with the version is modified to add details or fix errors, resulting in an updated SBOM.

However, only one of those SBOMs is always considered to represent the version (the "active SBOM").

The platform shows each Version represented by the active SBOM as a list of:

As the version makes the foundation for managing vulnerability, meeting compliance, or enforcing security policies, the platform also surfaces results of vulnerability scanning, policy evaluation, status of component support, and compliance associated with each version

PreviousVersion NextGeneral

Last updated 10 months ago