Pipeline Bill of Materials
The Pipeline Bill of Materials (PBOM) tab provides end-to-end visibility into how the artifact moved through the software supply chain.
It shows all stages from source control to cloud deployment, helping you visualize traceability, security posture, and operational context.
Git Posture: Indicates whether Git-based configuration risks were detected.
Code Security: Shows whether the source code was scanned for vulnerabilities.
Secret/PII Scan: Flags whether any hardcoded secrets or sensitive data were detected.
Open Source Security: Highlights any third-party component risks.
SBOM: Indicates whether a Software Bill of Materials is available.
Infrastructure as Code Scan: Shows whether IaC security scanning was performed.
CI/CD Posture: Reports security checks and hygiene at the pipeline level.
Container Security: Indicates scanning results for container vulnerabilities.
API Security: Displays any detected API-related risks.
Artifact Integrity: Verifies whether the artifact has been tampered with across stages.
Cloud Context: Number of environments or accounts where the artifact was observed.
In addition, the PBOM visual map shows:
Source Control: The Git repository where the code originated.
CI/CD: Pipeline used to build and package the artifact.
Registry: Storage location of the built image.
Cloud Deployment: Cloud accounts and services where the artifact is deployed (e.g., AWS, GCP).
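As an added illustration (not the product's own code or PBOM data format), the Python sketch below shows how the Artifact Integrity and Cloud Context fields can be derived from stage-by-stage observations: each stage on the visual map (CI/CD, registry, cloud deployment) reports the digest of the artifact it handled, integrity holds only when every digest equals the CI/CD build digest, and cloud context is the number of distinct accounts where a deployment was observed. Class and field names, digests, repository and account values are constructed placeholders.

```python
"""Toy artifact-integrity check across supply-chain stages.

Added example, not the product's code or data format. It assumes a
PBOM-like record in which each stage reports the digest of the artifact
it handled (hypothetical field names, constructed sample values).
"""
from dataclasses import dataclass, field


@dataclass
class StageObservation:
    stage: str      # "registry" or "cloud_deployment" (hypothetical stage names)
    location: str   # registry path or cloud account where the artifact was seen
    digest: str     # digest of the artifact as observed at this stage


@dataclass
class PbomRecord:
    source_repo: str                    # Source Control: where the code originated
    build_digest: str                   # digest produced by the CI/CD build
    observations: list = field(default_factory=list)


def check_artifact_integrity(record):
    """Return (intact, mismatches).

    The artifact is considered intact only if every downstream stage saw
    exactly the digest the CI/CD build produced; any differing digest is a
    sign the artifact was replaced or modified between stages.
    """
    mismatches = [
        (o.stage, o.location, o.digest)
        for o in record.observations
        if o.digest != record.build_digest
    ]
    return (len(mismatches) == 0, mismatches)


def cloud_context_count(record):
    """Number of distinct cloud accounts/environments where the artifact was observed."""
    return len({o.location for o in record.observations if o.stage == "cloud_deployment"})


def summarize(record):
    """Build a small PBOM-style summary from the raw observations."""
    intact, mismatches = check_artifact_integrity(record)
    return {
        "source_control": record.source_repo,
        "artifact_integrity": "verified" if intact else "tampered",
        "mismatches": mismatches,
        "cloud_context": cloud_context_count(record),
    }


# Constructed sample data; the digests are placeholders, not real hashes.
SAMPLE = PbomRecord(
    source_repo="git@example.invalid:team/payments.git",
    build_digest="sha256:1111aaaa",
    observations=[
        StageObservation("registry", "registry.example.invalid/payments:1.4.2", "sha256:1111aaaa"),
        StageObservation("cloud_deployment", "aws:123456789012", "sha256:1111aaaa"),
        StageObservation("cloud_deployment", "gcp:payments-prod", "sha256:1111aaaa"),
        # The same account seen twice still counts as one environment.
        StageObservation("cloud_deployment", "aws:123456789012", "sha256:1111aaaa"),
    ],
)

# Same pipeline, but the image deployed to one account no longer matches the build.
TAMPERED = PbomRecord(
    source_repo="git@example.invalid:team/payments.git",
    build_digest="sha256:1111aaaa",
    observations=[
        StageObservation("registry", "registry.example.invalid/payments:1.4.2", "sha256:1111aaaa"),
        StageObservation("cloud_deployment", "aws:123456789012", "sha256:1111aaaa"),
        StageObservation("cloud_deployment", "gcp:payments-prod", "sha256:9999ffff"),
    ],
)

if __name__ == "__main__":
    for name, rec in (("sample", SAMPLE), ("tampered", TAMPERED)):
        print(name, summarize(rec))
```

The check is deliberately strict: a single stage reporting a different digest marks the whole artifact as tampered, and the mismatch list records which stage and location disagreed so an investigator knows where to look first.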