Pipeline Bill of Materials

The Pipeline Bill of Materials (PBOM) tab provides end-to-end visibility into how an artifact moved through the software supply chain.

It shows every stage from source control to cloud deployment, so you can trace the artifact's provenance, its security posture at each stage, and the operational context in which it runs.

The tab reports the following fields:

  • Git Posture: Indicates whether Git-based configuration risks were detected in the source repository.

  • Code Security: Whether the source code was scanned for vulnerabilities.

  • Secret/PII Scan: Flags whether any hardcoded secrets or sensitive personal data were detected.

  • Open Source Security: Highlights risks in third-party (open source) components.

  • SBOM: Indicates whether a Software Bill of Materials is available for the artifact.

  • Infrastructure as Code Scan: Shows whether IaC security scanning was performed.

  • CI/CD Posture: Reports security checks and hygiene at the pipeline level.

  • Container Security: Shows the results of container vulnerability scanning.

  • API Security: Displays any detected API-related risks.

  • Artifact Integrity: Indicates whether the artifact was altered between stages (for example, between the build output, what is stored in the registry, and what is deployed).

  • Cloud Context: Number of environments or accounts where the artifact was observed.

In addition, the PBOM visual map shows:

  • Source Control: The Git repository where the code originated.

  • CI/CD: Pipeline used to build and package the artifact.

  • Registry: Storage location of the built image.

  • Cloud Deployment: Cloud accounts and services where the artifact is deployed (e.g., AWS, GCP).
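As an added illustration of the two PBOM signals that are most often misread (Artifact Integrity and Cloud Context), the script below reconstructs an artifact's path through the CI/CD, registry and cloud-deployment stages from a constructed record and checks that the same content digest is observed at every stage. This is example code written for this page, not the product's own API or data model; the `Stage` record, the stage names, the sample digests and the deployment entries are all hypothetical.

```python
"""Added example (not product code): digest continuity across PBOM stages.

The record layout below is a hypothetical stand-in for the stages shown on
the PBOM visual map (CI/CD -> Registry -> Cloud Deployment). The point it
demonstrates: an artifact is only verifiably intact if every stage recorded
the same content digest. A mutable tag such as ":latest" proves nothing.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Accepts "sha256:<64 hex>" or bare "<64 hex>"; anything else is not a digest.
DIGEST_RE = re.compile(r"^(sha256:)?([0-9a-f]{64})$")


@dataclass
class Stage:
    name: str        # hypothetical stage label, e.g. "registry"
    reference: str   # how the artifact was referenced at this stage
    digest: str      # content digest recorded at this stage ("" if only a tag)


def normalize_digest(value: str) -> str:
    """Return the bare lowercase hex sha256, or "" if the value is not a digest."""
    match = DIGEST_RE.match(value.strip().lower())
    return match.group(2) if match else ""


def artifact_integrity(stages: list[Stage]) -> dict:
    """Compare each stage's digest with the first recorded (build) digest.

    Returns:
      baseline     - digest produced by the first stage that recorded one
      mismatched   - stages whose digest differs from the baseline
      unverifiable - stages that recorded only a mutable reference, no digest
      intact       - True only if every stage carries the baseline digest
    """
    baseline = ""
    mismatched: list[str] = []
    unverifiable: list[str] = []
    for stage in stages:
        digest = normalize_digest(stage.digest)
        if not digest:
            unverifiable.append(stage.name)
            continue
        if not baseline:
            baseline = digest
        elif digest != baseline:
            mismatched.append(stage.name)
    return {
        "baseline": baseline,
        "mismatched": mismatched,
        "unverifiable": unverifiable,
        "intact": bool(baseline) and not mismatched and not unverifiable,
    }


def cloud_context(deployments: list[dict]) -> dict:
    """Count distinct cloud accounts and environments where the artifact was seen."""
    accounts = {(d["provider"], d["account"]) for d in deployments}
    environments = {d["environment"] for d in deployments}
    return {"accounts": len(accounts), "environments": len(environments)}


# Constructed sample data (hypothetical digests, registry and account names).
GOOD = "sha256:" + "ab" * 32
BAD = "sha256:" + "cd" * 32
REGISTRY = "registry.example.com/org/app"

SAMPLE_STAGES = [
    Stage("ci_cd", "app:1.4.2", GOOD),
    Stage("registry", f"{REGISTRY}:1.4.2", GOOD),
    Stage("cloud:aws:prod", f"{REGISTRY}@{GOOD}", GOOD),
    Stage("cloud:gcp:staging", f"{REGISTRY}:latest", ""),  # tag only, no digest
]
TAMPERED_STAGES = [
    Stage("ci_cd", "app:1.4.2", GOOD),
    Stage("registry", f"{REGISTRY}:1.4.2", BAD),  # registry content differs from build
    Stage("cloud:aws:prod", f"{REGISTRY}@{BAD}", BAD),
]
SAMPLE_DEPLOYMENTS = [
    {"provider": "aws", "account": "111111111111", "environment": "prod"},
    {"provider": "aws", "account": "111111111111", "environment": "staging"},
    {"provider": "gcp", "account": "example-project", "environment": "staging"},
]

if __name__ == "__main__":
    print("sample:  ", artifact_integrity(SAMPLE_STAGES))
    print("tampered:", artifact_integrity(TAMPERED_STAGES))
    print("context: ", cloud_context(SAMPLE_DEPLOYMENTS))
```

Two things the output makes visible that the field list alone does not: a deployment referenced only by a mutable tag is reported as unverifiable rather than intact, and a digest change after the build (the tampered record) is attributed to the first stage where it appears, which is where an investigation should start.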
