
SBOM Inventory

SBOM (Software Bill of Materials) Inventory shows every software component detected during source code and container image scans across your integrated assets. Use it to spot components with supply chain attack exposure or CVE vulnerabilities, and see how many assets they affect.

How data is collected

Source | Branch / version used
Source code scan | main or master branch only
Container image scan | Most recent scan for each asset

If no scans have been completed, the screen shows a No Data state.

View and filter the component list

  1. Select SBOM > SBOM Inventory in the navigation menu.

    The component list appears, sorted by Supply Chain Attacks (descending) by default.

SBOM Inventory component list

  1. Select a team from the dropdown in the top-right corner.

    • Org Admin: all teams in the organization are available.
    • Standard user: only teams you have been assigned to appear.
    • Teams are shown in a hierarchical format separated by / — for example: FCI Organization / CLOUD / XPLAT.
  2. Review the component list. Each row contains:

    Column | Description
    Component | Name and version in Name@Version format. Click to open Component Detail.
    Ecosystem | Package ecosystem (for example, Debian, npm, or PyPI).
    Supply Chain Attacks | Number of supply chain attack campaigns linked to this component. Shown in red with a warning icon when greater than 0.
    Vulnerabilities | CVE count by severity: Critical / High / Medium / Low.
    License | Component licenses. Up to 3 tags shown; hover +N to view all.
    Affected Assets | Number of assets using this component.
  3. Filter the list to narrow results (optional):

    • By ecosystem: select a value from Select ecosystem.
    • By license: select a value from Select license.
    • By component name: type in Search by component and press Enter.
  4. Sort by a different column by clicking Vulnerabilities or Affected Assets (optional).

  5. Navigate between pages with Prev / Next or page numbers. Change items per page using Row per page (default: 10).

Note

Filters and search combine with AND logic. Click × on a filter chip to remove it.

Next step

Click a component name to open Component Detail and review its supply chain attacks, CVE vulnerabilities, and affected assets.