SBOM
SBOM package analysis and vulnerability scanning capabilities
Package analysis
| Cataloger + Evidence | License | Dependencies: Depth | Dependencies: Edges | Dependencies: Kinds | Package Manager Claims: Files | Package Manager Claims: Digests | Package Manager Claims: Integrity Hash |
|---|---|---|---|---|---|---|---|
| sbom-cataloger: `*.syft.json`, `*.bom.*`, `*.bom`, `bom`, `*.sbom.*`, `*.sbom`, `sbom`, `*.cdx.*`, `*.cdx`, `*.spdx.*`, `*.spdx` | | | | | | | |
Vulnerability scanning
| Data Source | Disclosures: Affected | Disclosures: Date | Fixes: Versions | Fixes: Date | Track by Source Package |
|---|---|---|---|---|---|
| National Vulnerability Database (NVD) | | | | | |
Grype Configuration
| Configuration Key | Description |
|---|---|
| `match.stock.using-cpes` | Use CPE package identifiers to find vulnerabilities |