Vendor Management
- Manual SBOM upload screen (under development)
- Role-based permissions for the SBOM upload screen (under development)
- Vendor SBOM staleness/freshness policy tracking and enforcement (research & development)
- Machine-to-machine vendor upload mechanism (research)
SBOM generation and synchronization
- Snyk
- GitHub Action (POC)
- GitHub (in progress)
- GitLab
- Bitbucket
- Syft
- Ion Channel
SBOM storage
- S3
- File system
Enrichment
- Snyk
- EPSS
- sbom-scorecard
- Ion Channel
- OSV
Analytics
- Vulnerabilities and scores by SBOM
- Dependency blast radius
- SBOM freshness
- CI/CD & Runtime monitoring
Technical Improvements
- SPDX support
- Pipeline Metrics (e.g. OTEL, Prometheus, Grafana)
- Cargo features
- Notifications
- CI/CD integration