SBOM

An SBOM describes a single version of a product by encapsulating:

  • Metadata, such as the time of creation and the tool used to create the SBOM

  • The list of components included in the version

  • Relationships among those components (which component depends on which)

  • Licenses associated with each component

  • Optionally, vulnerabilities associated with components

  • Optionally, the exploitability status of each of those vulnerabilities (a VEX-style assessment of whether the product is actually affected)

A Version may have more than one SBOM associated with it.

This happens when the first SBOM associated with the version is later modified to add details or fix errors, resulting in an updated SBOM.

Only one of those SBOMs represents the version at any given time (the "active SBOM").
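The following is an added example, not the platform's own code, showing how the elements listed above map onto a CycloneDX 1.5 JSON SBOM and how two revisions of the same SBOM for one version can be told apart. Both documents are constructed here for illustration; the product, component refs and the vulnerability identifier `EXAMPLE-2024-0001` are placeholders. The "active SBOM" rule at the end is an assumption for the example (revisions share a `serialNumber` and increment the CycloneDX `version` counter, as the spec recommends); how the platform actually designates the active SBOM is not described on this page.

```python
"""Pull the elements listed above out of CycloneDX 1.5 JSON SBOMs.

Added example, not the platform's code. Both documents are constructed for
illustration; product, component and vulnerability identifiers are placeholders.
"""
import json

APP_REF = "shop-api@1.2.0"            # constructed bom-ref of the product version described
LIBFOO = "pkg:generic/libfoo@2.3.1"   # constructed component refs
LIBBAR = "pkg:generic/libbar@0.9.0"


def _bom(revision: int, libbar_licenses: list, vulnerabilities: list) -> dict:
    """Build a constructed CycloneDX document. Note that CycloneDX 'version' is the
    revision counter of the BOM itself, not the product version (that is 1.2.0)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": "urn:uuid:00000000-0000-4000-8000-000000000001",  # constructed
        "version": revision,
        "metadata": {
            "timestamp": f"2024-03-0{revision}T10:00:00Z",
            "tools": [{"name": "example-sbom-tool", "version": "0.1.0"}],  # hypothetical tool
            "component": {"type": "application", "name": "shop-api",
                          "version": "1.2.0", "bom-ref": APP_REF},
        },
        "components": [
            {"type": "library", "name": "libfoo", "version": "2.3.1", "bom-ref": LIBFOO,
             "licenses": [{"license": {"id": "MIT"}}]},
            {"type": "library", "name": "libbar", "version": "0.9.0", "bom-ref": LIBBAR,
             "licenses": libbar_licenses},
        ],
        "dependencies": [
            {"ref": APP_REF, "dependsOn": [LIBFOO]},
            {"ref": LIBFOO, "dependsOn": [LIBBAR]},
        ],
        "vulnerabilities": vulnerabilities,
    }


# Revision 1: libbar's license was not detected and no vulnerability data was attached.
SBOM_REV1 = json.dumps(_bom(1, [], []))
# Revision 2: the license gap is fixed and a placeholder finding carries a VEX-style analysis.
SBOM_REV2 = json.dumps(_bom(2, [{"license": {"id": "Apache-2.0"}}], [{
    "id": "EXAMPLE-2024-0001",  # placeholder identifier, not a real advisory
    "affects": [{"ref": LIBBAR}],
    "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
}]))


def load_sbom(text: str) -> dict:
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX" or "metadata" not in doc:
        raise ValueError("not a CycloneDX SBOM")
    return doc


def _license_ids(component: dict) -> list:
    """CycloneDX license entries are either {"license": {...}} or {"expression": "..."}."""
    ids = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            ids.append(entry["expression"])
        else:
            lic = entry.get("license", {})
            ids.append(lic.get("id") or lic.get("name") or "UNKNOWN")
    return ids or ["UNKNOWN"]   # flag components whose license was never recorded


def summarize(doc: dict) -> dict:
    """Return the elements an SBOM encapsulates, keyed as the list above names them."""
    meta = doc["metadata"]
    tools = meta.get("tools", [])
    if isinstance(tools, dict):  # 1.5 also allows the object form {"components": [...]}
        tools = tools.get("components", [])
    components = {c["bom-ref"]: c for c in doc.get("components", []) if "bom-ref" in c}
    return {
        "subject": meta.get("component", {}).get("bom-ref"),
        "created": meta.get("timestamp"),
        "tools": [f"{t.get('name')} {t.get('version', '')}".strip() for t in tools],
        "components": sorted(components),
        "relationships": {d["ref"]: list(d.get("dependsOn", []))
                          for d in doc.get("dependencies", [])},
        "licenses": {ref: _license_ids(c) for ref, c in components.items()},
        "vulnerabilities": [{
            "id": v.get("id"),
            "affects": [a["ref"] for a in v.get("affects", [])],
            # exploitability verdict; None means nobody has recorded one yet
            "state": v.get("analysis", {}).get("state"),
            "justification": v.get("analysis", {}).get("justification"),
        } for v in doc.get("vulnerabilities", [])],
    }


def transitive_dependencies(summary: dict, ref: str) -> set:
    """Walk the relationship graph from ref; cycles are tolerated."""
    seen, stack = set(), list(summary["relationships"].get(ref, []))
    while stack:
        dep = stack.pop()
        if dep not in seen:
            seen.add(dep)
            stack.extend(summary["relationships"].get(dep, []))
    return seen


def select_active(docs: list) -> dict:
    """Illustrative rule only (an assumption of this example): among revisions of one
    BOM (same serialNumber) the highest CycloneDX 'version' counter is treated as active."""
    serials = {d.get("serialNumber") for d in docs}
    if len(serials) != 1:
        raise ValueError(f"documents describe different BOMs: {sorted(map(str, serials))}")
    return max(docs, key=lambda d: d.get("version", 1))


if __name__ == "__main__":
    revisions = [load_sbom(SBOM_REV1), load_sbom(SBOM_REV2)]
    active = summarize(select_active(revisions))
    print(json.dumps(active, indent=2))
    print("transitive dependencies of", active["subject"],
          sorted(transitive_dependencies(active, active["subject"])))
```

Run stand-alone, the script prints the summary of revision 2: both components now carry a license, and the single finding is recorded as `not_affected` with the reason `code_not_reachable`, which is exactly the kind of detail an updated SBOM adds over the first one uploaded for a version.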

The platform shows each Version, as represented by its active SBOM, as a list of:

Because the version is the foundation for managing vulnerabilities, meeting compliance requirements, and enforcing security policies, the platform also surfaces, for each version, the results of vulnerability scanning, policy evaluation, component support status, and compliance checks.
