Explore SBOM
Analyze and understand your Software Bill of Materials
Once your SBOM is generated, explore every component, dependency, and potential risk through the Project Overview page.
Project Overview
Click on any project from the Projects list to access the detailed Project Overview page. The page is organized into multiple tabs for comprehensive analysis.
Info Tab
The Info tab provides at-a-glance information about your project:
Project Details
| Field | Description |
|---|---|
| Project Name | The name of your project |
| Project Version | Current version or branch (e.g., main) |
| Created On | Date and time the project was created |
| Created By | User who created the project |
| Generation Method | How the SBOM was generated (SCM, Container, Manual) |
| Source Code Repository | Link to the source repository |
| Branch/Tag | The branch or tag that was scanned |
| Organization | Organization the project belongs to |
Visual Analytics
The Info tab includes several charts:
- Findings by Severity - Distribution of findings across severity levels
- Vulnerabilities by Severity - Critical, High, Medium, Low breakdown
- Supply Chain Risk by Components - Component-level risk assessment
- Findings by Gate - Policy gate pass/fail status
Attestation Tab
View supply chain attestation and provenance verification:
Attestation Score vs Risk Score
| Score Type | Description |
|---|---|
| Attestation Score | Measures the integrity and trustworthiness of a package based on malicious package detection, supply chain verification, and provenance attestation |
| Risk Score | Overall security scoring based on the package itself, including vulnerability count, severity distribution, maintenance status, and community trust |
- SLSA Provenance - Supply-chain Levels for Software Artifacts verification
- Sigstore Signatures - Code signing verification status
- Build Reproducibility - Build attestation information
- Malicious Package Detection - Detection of potentially malicious packages
Dependencies Tab
View the complete dependency tree:
Tree View
Hierarchical visualization showing:
- Parent-child relationships
- Dependency depth
- Version information
- Vulnerability indicators
Table View
Sortable and filterable list with:
- Component name and version
- License type
- Vulnerability count
- Last updated date
Provenance Tab
Track the origin and build information of components:
- Source Repository - Where the code came from
- Build System - How it was built
- Commit Information - Git commit details
- Build Timestamps - When builds occurred
Vulnerabilities Tab
Comprehensive vulnerability management:
- Total vulnerability count
- Breakdown by severity (Critical, High, Medium, Low)
- Affected component details
- Fix recommendations
- AI Remediate button for automated fixes
Mitigations Tab
Track applied mitigations and accepted risks:
- Active mitigations
- Risk acceptances with expiration dates
- False positive markings
- Mitigation history
Security Posture Tab
Overall security assessment:
- Security posture score
- Compliance status
- Security recommendations
- Trend analysis
Code Quality Tab
Code quality metrics:
- Code quality issues
- Maintainability index
- Technical debt assessment
Suppliers & Licenses Tab
License compliance and supplier information:
- License distribution
- License compatibility analysis
- Supplier information
- Attribution requirements
Findings Tab
All findings across security gates and policies:
- Gate status (pass/fail)
- Policy violations
- Recommended actions
- Finding history
Export Options
Export your SBOM data in 30+ formats:
- SPDX - JSON, XML, RDF
- CycloneDX - JSON, XML
- CSV - Spreadsheet compatible
- Excel - Full workbook with multiple sheets
- PDF - Formatted report
- JSON - Raw data export
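
Added example, not part of the product or its documentation: working offline with a CycloneDX JSON export to recompute the dependency depth shown in the Tree View and the per-component severity counts. The sample document, component names and `EXAMPLE-…` ids are constructed; field names follow the CycloneDX JSON schema, and it is an assumption that the export populates `dependencies` and `vulnerabilities`.

```python
import json
from collections import Counter, deque

# Constructed sample: a minimal CycloneDX 1.5 JSON document, not real export data.
SAMPLE_BOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "demo-app", "version": "main"}},
  "components": [{"bom-ref": "lib-a", "name": "lib-a", "version": "1.2.0"},
                 {"bom-ref": "lib-b", "name": "lib-b", "version": "0.9.1"},
                 {"bom-ref": "lib-c", "name": "lib-c", "version": "3.0.0"}],
  "dependencies": [{"ref": "app", "dependsOn": ["lib-a", "lib-b"]},
                   {"ref": "lib-a", "dependsOn": ["lib-c"]},
                   {"ref": "lib-c", "dependsOn": ["lib-a"]}],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}], "affects": [{"ref": "lib-c"}]},
    {"id": "EXAMPLE-0002", "ratings": [{"severity": "low"}], "affects": [{"ref": "lib-c"}]},
    {"id": "EXAMPLE-0003", "ratings": [], "affects": [{"ref": "lib-b"}]}]
}""")

def dependency_depths(bom):
    """Shortest depth of each component from the root (BFS, tolerates cycles)."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    root = bom["metadata"]["component"]["bom-ref"]
    depths, queue = {root: 0}, deque([root])
    while queue:
        ref = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depths:          # first visit is the shortest path
                depths[child] = depths[ref] + 1
                queue.append(child)
    return depths

def severity_by_component(bom):
    """Count vulnerabilities per affected component, keyed by severity."""
    counts = {}
    for vuln in bom.get("vulnerabilities", []):
        ratings = vuln.get("ratings") or [{}]             # unrated entries exist
        severity = ratings[0].get("severity", "unknown")  # first rating only
        for target in vuln.get("affects", []):
            counts.setdefault(target["ref"], Counter())[severity] += 1
    return counts

if __name__ == "__main__":
    depths, sev = dependency_depths(SAMPLE_BOM), severity_by_component(SAMPLE_BOM)
    for ref, depth in sorted(depths.items(), key=lambda kv: kv[1]):
        print("  " * depth + ref, dict(sev.get(ref, {})))
```

The sample includes a dependency cycle and an unrated vulnerability on purpose: both occur in real SBOMs and break naive recursive walkers or severity lookups.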