SBOM Inventory
SBOM (Software Bill of Materials) Inventory shows every software component detected during source code and container image scans across your integrated assets. Use it to spot components with supply chain attack exposure or CVE vulnerabilities, and see how many assets they affect.
How data is collected
| Source | Branch / version used |
|---|---|
| Source code scan | main or master branch only |
| Container image scan | Most recent scan for each asset |
If no scans have been completed, the screen shows a No Data state.
View and filter the component list
-
Select SBOM → SBOM Inventory in the navigation menu.
The component list appears, sorted by Supply Chain Attacks (descending) by default.

-
Select a team from the dropdown in the top-right corner.
- Org Admin: all teams in the organization are available.
- Standard user: only teams you have been assigned to appear.
- Teams are shown in a hierarchical format separated by
/— for example:FCI Organization / CLOUD / XPLAT.
-
Review the component list. Each row contains:
Column Description Component Name and version in Name@Versionformat. Click to open Component Detail.Ecosystem Package ecosystem — for example, Debian, npm, or PyPI. Supply Chain Attacks Number of supply chain attack campaigns linked to this component. Shown in red with a warning icon when greater than 0. Vulnerabilities CVE count by severity: Critical / High / Medium / Low. License Component licenses. Up to 3 tags shown; hover +N to view all. Affected Assets Number of assets using this component. -
Filter the list to narrow results (optional):
- By ecosystem: select a value from Select ecosystem.
- By license: select a value from Select license.
- By component name: type in Search by component and press Enter.
-
Sort by a different column by clicking Vulnerabilities or Affected Assets (optional).
-
Navigate between pages with Prev / Next or page numbers. Change items per page using Row per page (default: 10).
Filters and search combine with AND logic. Click × on a filter chip to remove it.
Next step
Click a component name to open Component Detail and review its supply chain attacks, CVE vulnerabilities, and affected assets.