Dependency querying for SBOM across applications
pending feedback
Distant Mouse
One use case for an SBOM we would like to see on Harness is the ability to query a specific dependency and be able to see all applications that are using this dependency. If something like a day 0 vulnerability appears in a dependency, then we will be able to flag all applications that are using it.
Note: This feature would be best suited to be in the Supply Chain Security module, but since that was not an option above, the Security Testing Orchestration module is the closest one.
Pranay Shah
pending feedback
Pranay Shah
Hello,
This feature is available today. You can view all the artifacts or repos that are using a particular dependency across the entire account.
Please follow these steps:
- Navigate to dashboards at account level
- Select Supply Chain Security Filter
- Open the "Component Summary (artifacts)" or "Component Summary (Code Repos)" dashboard
- Search for the component which is affected by the 0-day vulnerability
- In the component summary table, click on occurrences to view the list of artifacts or repos affected by that component
Refer to the docs links for more info.
Pritesh Chandaliya
under review
Pranay Shah moved into SSCA/SCS module