SBOM

This guide will walk you through the steps to view, create, and update SBOM using CoreStack.

Introduction

This guide explains how end users can view, update, and create a Software Bill of Materials (SBOM).

Create SBOM

Perform the following steps to create SBOM:

1. Navigate to "AppSecOps" on the Main Menu

On the left navigation pane of the platform, click AppSecOps.

2. Select "SBOM" in the Menu

Next, click SBOM.

3. Create SBOM

To create a new SBOM, click Create SBOM. The Create SBOM dialog box appears.

4. Fill Details in the Form

Fill details in the following fields and click Submit.

  • In the Project drop-down list, click to select a project.
  • In the Upload File field, click Upload File and select a JSON file to be uploaded, or drag and drop the file to be uploaded.
  • In the Build ID box, enter the build ID.
  • In the Name box, enter an SBOM name.
  • In the Description text box, type a description for the SBOM.
  • In the Define Tag section, in the Tag box, type the tag name, in the Value box, type the tag value, and then click Add Tag. The tag you added appears below.

The newly added SBOM appears on the SBOM page.

View SBOM Details

Perform the following steps to navigate to SBOM and view details:

1. View SBOM Page

In the SBOM page, users can view SBOM details in Name, Project, Application(s), Build ID, File, Components Count, Vulnerabilities Count, Parsing Status, Mapped Resources, Version, Generated Date, Version Created Date, and Actions columns.

2. Download File

To download a file for a project, click the download icon under the File column and click on the link to download the SBOM file.

3. Click Component Count

To view the detailed component count, under the Components Count column, click any number for which you would like to view further details. The Components Count dialog box appears, and users can go through all the tabs to view the component details.

  • View component details in the Total tab.
  • View component details in the Upgraded tab.
  • View component details in the Added tab.
  • View component details in the Removed tab.

4. View "Vulnerabilities Count"

To view the vulnerabilities count details, under the Vulnerabilities Count column, click any number for which you would like to view further details. The Vulnerabilities Count dialog box opens. Here users can view details about CVE IDs and their severity in various tabs.

  • Users can go to the Total tab to view vulnerabilities details.
  • Click on a CVE ID to view the details page. The details page shows all CVE ID related information in three tabs - Basics, Scores & Vectors, and Reference Links.
  • In the Basics tab, view details in Description, Key Dates, and Identifiers sections.
  • Go to the Scores & Vectors tab to view the scores for the selected CVE ID.
  • In the Reference Links tab, view references to advisories, solutions, and tools.

Note: From any of these tabs, click the back arrow to return to the Vulnerabilities Count page.

  • Go to the Added tab and view vulnerabilities details. Users can click a CVE ID to view details in Basics, Scores & Vectors, and Reference Links tabs.
  • Go to the Removed tab and view details.

5. View the Info Icon on the Columns

Users can hover the mouse pointer over the Info icon (the i that appears on the column header) to view the Component Changes and Vulnerability Changes.
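
An offline way to get a comparable Total / Upgraded / Added / Removed component breakdown from two downloaded SBOM versions, as an added example that is not CoreStack code. It assumes the JSON files are CycloneDX (the page does not name the format) and lists any version change under "upgraded"; the function names and sample documents are constructed.

```python
import json

def component_key(comp):
    """Version-independent identity: purl without version, else group/name."""
    purl = comp.get("purl")
    if not purl:
        return "/".join(p for p in (comp.get("group"), comp.get("name")) if p)
    base = purl.split("?", 1)[0].split("#", 1)[0]  # drop qualifiers and subpath
    head, sep, tail = base.rpartition("@")
    # Only treat '@' as the version separator when it follows the last '/'.
    return head if sep and "/" not in tail else base

def index(bom):
    # Assumption: CycloneDX JSON, identified by its top-level "bomFormat" field.
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    return {component_key(c): c.get("version", "") for c in bom.get("components", [])}

def diff_components(old_bom, new_bom):
    old, new = index(old_bom), index(new_bom)
    common = old.keys() & new.keys()
    return {
        "total": sorted(new),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        # Any version change is listed here; versions are not ordered, so a
        # downgrade would also appear (assumption of this example).
        "upgraded": sorted((k, old[k], new[k]) for k in common if old[k] != new[k]),
    }

# Constructed sample documents standing in for two downloaded SBOM versions.
OLD_BOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "requests", "version": "2.30.0", "purl": "pkg:pypi/requests@2.30.0"},
  {"name": "urllib3", "version": "1.26.0", "purl": "pkg:pypi/urllib3@1.26.0"},
  {"name": "left-pad", "version": "1.0.0"}]}""")
NEW_BOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
  {"name": "urllib3", "version": "1.26.0", "purl": "pkg:pypi/urllib3@1.26.0"},
  {"name": "core", "version": "17.0.0", "purl": "pkg:npm/%40angular/core@17.0.0"}]}""")

if __name__ == "__main__":
    for tab, rows in diff_components(OLD_BOM, NEW_BOM).items():
        print(tab, rows)
```

Running the same comparison before uploading a new version gives a baseline to check the Component Changes shown in the platform against.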

Actions on Project

Perform the following steps to take an action on a project:

For a particular project, users can click the ellipses under the Actions column and take one of the following actions:

  • View/Edit SBOM
  • Update SBOM
  • Map Cloud Resources
  • Delete Resource Mapping

View/Edit SBOM

1. Select "View/Edit SBOM"

Select the View/Edit SBOM action. The View/Edit SBOM dialog box appears.

2. Update SBOM Information

In the SBOM Information section, click the edit icon to update details. You can update details in Name and Description boxes, and then click Submit.

3. View Details in "SBOM Posture" Section

In the SBOM Posture section, users can click a number under Components Count and Vulnerabilities Count. A dialog box appears and users can view details.

4. Version History

In the Version History section, users can click the download icon under the File column to download a file.

5. Add "Build ID"

In the Version History section, users can click the edit icon under the Actions column, update the build ID in the Build ID box, and click Submit.

Users can also click the delete icon to remove any version.

6. Update Tag Key & Value

In the Tag Key & Value section, click the edit icon to update details. Enter details in the Key and Value boxes, and then click Add Tag. The new tag and value appear below. You can add multiple tag keys and values; click Submit to save them.

7. Edit/Delete Mapped Resources

In the Mapped Resources section, under the Actions column, click the edit icon. This will open the Edit Resource Mapping dialog box where users can make the updates and then click Submit to save the updates.

Users can also click the delete icon to delete an existing resource.

Update SBOM Action

Perform the following steps to update SBOM:

1. Select "Update SBOM" Action

Under the Actions column, click the ellipses and then select Update SBOM.

Alternatively, on the top-right corner of the screen, click Update SBOM.

2. Update SBOM Details

Update the SBOM details and then click Submit. After the updates are made successfully, a new version of SBOM is created.

Map Cloud Resources Action

To map cloud resources, click the ellipses under the Actions column, and select Map Cloud Resources. The Mapped Resources dialog box appears.

1. Edit Resource Mapping

In the Mapped Resources dialog box, to update existing resource details, click the edit icon that appears under the Actions column.

2. Update Resource Mapping Details

In the Edit Resource Mapping dialog box, update all relevant fields and click Submit.

3. Delete Resources

In the Mapped Resources dialog box, under the Actions column, click the delete icon to remove a mapped resource. A dialog box appears where you can click Yes to confirm deletion; otherwise, click No.

4. Add New Mapped Resource

To add a new mapped resource, in the Mapped Resources dialog box, click Add New.

5. Fill the Form and Submit

In the Add Resource Mapping dialog box, fill the following fields:

  • In the Cloud Provider drop-down list, click to select the cloud provider.
  • In the Cloud Account list, select the cloud account.
  • In the Resource Category drop-down list, select the relevant option and click Ok.
  • In the Resource Type drop-down list, select an option and click Ok.
  • In the Resource drop-down list, select a resource and then click Ok.
  • In the Resource ID drop-down list, select all relevant resource IDs and then click Ok.
  • Click Submit to save the form.

Remove Resource Mapping

Perform the following steps to delete resource mapping:

1. Delete Resource Mapping

To remove resource mapping, under the Actions column, click the ellipses and select Delete Resource Mapping.

2. Confirm Deletion

A dialog box appears where the user can select Yes to confirm the deletion of the resource mapping; otherwise, click No.

Additional Actions

1. Search by Name

On the SBOM page, use the search box to search for any SBOM-related details.

2. Add Custom Filter

Click ADD + to add custom filters.

3. Select Filter Type

Select an option for the filter. For example, select Applications in this case.

4. Select Values for the Filter

In the drop-down list, click to select relevant values and then click Ok.

5. Click "Select All"

Click Select All to select all values.

6. Filter and Download

Click the first icon (the filter icon) to show/hide the ADD + option. Click the download icon to download the file.

Page Views

Perform the following steps to add page views:

1. Create New View

You can apply filters and other settings on the SBOM page and save the page view. To save a page view, click the ellipses on the top-right corner of the page and select Create New View.

2. Enter View Name

In the Create New View dialog box, in the Name box, type the name of the view and then click Save.

3. Other Actions on Page View

Users can click the ellipses and take the following actions for page view:

  • Reset to View: Select this option to reset the page view to the earlier view.
  • Update View: Select this option to update the page view in case you have made any additional changes on the page.

4. Delete a View or Select Another View

If there are many page views saved for a page and you want to switch to another view, click the drop-down list and select another view. You can also delete a view that is no longer required. To delete a view, click the delete icon next to the view.

This guide covered the steps required to view, update, and create SBOM in CoreStack.