SBOM Radar
SBOM Radar is a tool that allows you to track and analyze the components used in a software project through a Software Bill of Materials (SBOM).
SBOM Radar can be activated from the Scanners section under Software Composition Analysis (SCA) in the Kondukto UI.
The "Trigger with" section of the integration defines when SBOM generation takes place on the platform. When all scanner categories are selected, an SBOM is generated automatically each time a SAST, SCA, IaC, or CS scan is triggered in a project.
If you select only SAST, SBOM generation is triggered exclusively alongside SAST scans.
If none of the scanner categories is selected, you can only import SBOMs into Kondukto; Kondukto will not generate them.
The Inspector Tool automatically checks the generated SBOMs for vulnerabilities every 12 hours.
The Scans section under the SBOM tab displays the last scan time, SBOM format, project, branch, SBOM source, inspector tool, number of vulnerable components, and the total number of components discovered in the projects under the selected product.
When you click the SBOM tab, you’ll see a detailed interface with the following menus:
- Scans
- Components
- Dependency Tree
Using the Action button in this area, you can access the components identified by the SBOM Radar tool and reviewed in the security scans of the relevant project.
After clicking the Action button, a project-level view opens where the components related to the scan are listed.
By clicking the Vulnerabilities button next to a component, you can view detailed information about any vulnerabilities associated with that component.
When you click the link under the Action column, you are redirected to a detailed interface where all identified vulnerabilities are listed.
You can examine the vulnerabilities more thoroughly on this screen.
When dependency information is included in an imported SBOM report or when Black Duck is selected as the SBOM generator, trees will be generated that present the relationship between direct and transitive dependencies.
The generated tree is displayed as shown below under the Dependency Tree menu.
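The two pieces of information the SBOM tab reports, the vulnerable-versus-total component count in the Scans view and the direct/transitive relationships in the Dependency Tree view, both come straight from the SBOM document itself. The following added example (not Kondukto code, and not part of this page) shows how they are derived from a CycloneDX-style JSON SBOM: the `dependencies` array lists, for each `ref`, the refs it `dependsOn`, and the root is the component named under `metadata.component`. The SBOM document and the inspector findings below are constructed for illustration; the vulnerability ids are placeholders.

```python
"""Derive a dependency tree and a vulnerable-component count from an SBOM.

Added example, not part of Kondukto's SBOM Radar. The document below is a
constructed CycloneDX-style JSON SBOM (metadata.component, components[],
dependencies[] with ref/dependsOn); the findings dict is a constructed stand-in
for what an inspector tool would report.
"""
import json
from collections import deque

# Constructed sample SBOM: component names, versions and refs are invented.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "name": "example-app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:a", "name": "lib-a", "version": "2.1.0"},
        {"bom-ref": "pkg:b", "name": "lib-b", "version": "0.9.3"},
        {"bom-ref": "pkg:c", "name": "lib-c", "version": "4.0.1"},
        {"bom-ref": "pkg:d", "name": "lib-d", "version": "1.2.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:a", "pkg:b"]},
        {"ref": "pkg:a", "dependsOn": ["pkg:c"]},
        {"ref": "pkg:b", "dependsOn": ["pkg:c", "pkg:d"]},
        {"ref": "pkg:c", "dependsOn": []},
        {"ref": "pkg:d", "dependsOn": []},
    ],
})

# Constructed inspector findings: component ref -> vulnerability ids (placeholders, not real ids).
SAMPLE_FINDINGS = {"pkg:c": ["VULN-PLACEHOLDER-1"], "pkg:d": ["VULN-PLACEHOLDER-2"]}


def load_graph(sbom_json):
    """Return (root_ref, adjacency dict) built from the SBOM's dependencies section."""
    sbom = json.loads(sbom_json)
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = {c["bom-ref"]: [] for c in sbom.get("components", [])}
    graph.setdefault(root, [])  # the root is usually not listed under components
    for entry in sbom.get("dependencies", []):
        graph.setdefault(entry["ref"], []).extend(entry.get("dependsOn", []))
    return root, graph


def classify_dependencies(sbom_json):
    """Split components into direct (listed under the root) and transitive ones.

    A component that is both a direct dependency and reachable through another
    component is reported as direct; transitive means reachable only via others.
    """
    root, graph = load_graph(sbom_json)
    direct = set(graph[root])
    reachable = set()
    queue = deque(direct)
    while queue:  # breadth-first walk; the visited set also stops cycles
        ref = queue.popleft()
        if ref in reachable:
            continue
        reachable.add(ref)
        queue.extend(graph.get(ref, []))
    return sorted(direct), sorted(reachable - direct)


def render_tree(sbom_json):
    """Render an indented tree from the root, as a Dependency Tree view would show it.

    A ref that already appears on the current path is marked "(cycle)" and not
    expanded again, so a malformed SBOM with circular dependencies still terminates.
    """
    root, graph = load_graph(sbom_json)
    lines = []

    def walk(ref, depth, path):
        if ref in path:
            lines.append("  " * depth + ref + " (cycle)")
            return
        lines.append("  " * depth + ref)
        for child in graph.get(ref, []):
            walk(child, depth + 1, path | {ref})

    walk(root, 0, frozenset())
    return "\n".join(lines)


def vulnerable_summary(sbom_json, findings):
    """Return (vulnerable component count, total component count) for the Scans view."""
    sbom = json.loads(sbom_json)
    refs = [c["bom-ref"] for c in sbom.get("components", [])]
    vulnerable = [r for r in refs if findings.get(r)]
    return len(vulnerable), len(refs)


if __name__ == "__main__":
    print(render_tree(SAMPLE_SBOM))
    print("direct/transitive:", classify_dependencies(SAMPLE_SBOM))
    print("vulnerable/total:", vulnerable_summary(SAMPLE_SBOM, SAMPLE_FINDINGS))
```

Note that a component shared by two branches (`pkg:c` above) appears once per parent in the rendered tree but only once in the component and vulnerability counts, which is why the Scans view can report fewer vulnerable components than the tree has vulnerable nodes. An SBOM whose `dependencies` section is absent yields an empty tree, matching the page's statement that the tree is only built when dependency information is present.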