Sonatype SBOM Manager
SBOM Manager brings value across teams
Easy to use - a UI from which teams at every technical level can extract value.
Become and remain compliant - Ensure adherence to regulations and standards with automated SBOM generation and reporting.
Streamlined VEX workflow - Add Vulnerability Exploitability eXchange (VEX) details to each SBOM.
Ingest
Import both CycloneDX and SPDX formats using various component identifiers while retaining the original SBOMs for compliance. VEX information may be imported or automatically produced using Sonatype data.
Analyze
Complete component intelligence with 14 supported ecosystems. SBOM-centric metrics and trends to track progress toward policy goals.
Store
Retain the original SBOM and any augmented SBOMs, indexed by application version.
Catalog
Check whether third-party applications and libraries comply with your organization’s compliance and security policies
Search
Flexible search to locate components, vulnerabilities, and policy violations across your portfolio. Reduce incident response time by searching your SBOM database for any compromised components.
Audit
Create rules to scale and automate the VEX process.
Continuously Monitor
Continuously monitor SBOMs for new information about components. Provide notifications and alerts based on monitoring results.
VEX Workflow
Manage a full VEX-based SBOM release workflow. Embed VEX information in your SBOMs to explain the exploitability of each reported vulnerability.
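The Search and VEX Workflow sections above describe locating components in a stored SBOM and reading the VEX statements embedded in it. The following is an added illustration of what that looks like on the wire for a CycloneDX JSON SBOM; it is not Sonatype's code and does not use the SBOM Manager API. The sample document, component names, purls and vulnerability IDs are constructed placeholders, and the helper functions (load_sbom, find_components, vex_summary, open_items) are hypothetical names chosen for the example. Vulnerabilities carry VEX in the CycloneDX "vulnerabilities" array, where "analysis.state" holds the exploitability verdict and "affects[].ref" points at a component's "bom-ref".

```python
import hashlib
import json

# Constructed sample: a minimal CycloneDX 1.5 JSON SBOM with VEX embedded in
# its "vulnerabilities" array. Component names, purls and the vulnerability
# IDs are illustrative placeholders, not real packages or advisories.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"type": "application", "name": "billing-api", "version": "2.3.0"}},
    "components": [
        {"type": "library", "bom-ref": "cmp-logger", "name": "example-logger", "version": "1.4.1",
         "purl": "pkg:maven/org.example/example-logger@1.4.1"},
        {"type": "library", "bom-ref": "cmp-http", "name": "example-http", "version": "3.0.2",
         "purl": "pkg:npm/example-http@3.0.2"},
        {"type": "library", "bom-ref": "cmp-yaml", "name": "example-yaml", "version": "0.9.0",
         "purl": "pkg:pypi/example-yaml@0.9.0"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-2024-0001", "affects": [{"ref": "cmp-logger"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable",
                      "detail": "The vulnerable lookup path is not compiled into this build."}},
        {"id": "EXAMPLE-2024-0002", "affects": [{"ref": "cmp-http"}],
         "analysis": {"state": "exploitable", "response": ["update"]}},
        {"id": "EXAMPLE-2024-0003", "affects": [{"ref": "cmp-yaml"}]},  # no VEX statement yet
    ],
})

# CycloneDX impactAnalysisState values that still require action from the consumer.
ACTIONABLE_STATES = {"exploitable", "in_triage"}


def load_sbom(text):
    """Parse a CycloneDX JSON document and return (doc, sha256 of the original text).

    The digest is kept beside the parsed document so the retained original can be
    shown unmodified later, which is the compliance reason for storing it as received.
    """
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX" or "specVersion" not in doc:
        raise ValueError("not a CycloneDX JSON SBOM")
    return doc, digest


def find_components(doc, purl_prefix):
    """Locate components whose purl starts with purl_prefix, e.g. 'pkg:npm/example-http'.

    Matching on purl rather than bare name avoids false hits across ecosystems,
    since a Maven artifact and an npm package can share a name.
    """
    prefix = purl_prefix.lower()
    return [c for c in doc.get("components", [])
            if c.get("purl", "").lower().startswith(prefix)]


def vex_summary(doc):
    """Map each vulnerability ID to (VEX state, purls of affected components).

    Vulnerabilities with no 'analysis' block are reported as 'unassessed' so they
    are never silently read as resolved.
    """
    by_ref = {c.get("bom-ref"): c for c in doc.get("components", [])}
    summary = {}
    for vuln in doc.get("vulnerabilities", []):
        analysis = vuln.get("analysis") or {}
        state = analysis.get("state", "unassessed")
        purls = [by_ref[a["ref"]].get("purl")
                 for a in vuln.get("affects", []) if a.get("ref") in by_ref]
        summary[vuln["id"]] = (state, purls)
    return summary


def open_items(doc):
    """IDs still needing triage or remediation: an actionable state, no statement at all,
    or a 'not_affected' claim without the justification a downstream consumer needs."""
    result = []
    for vuln in doc.get("vulnerabilities", []):
        analysis = vuln.get("analysis") or {}
        state = analysis.get("state")
        if state is None or state in ACTIONABLE_STATES:
            result.append(vuln["id"])
        elif state == "not_affected" and not analysis.get("justification"):
            result.append(vuln["id"])
    return sorted(result)


if __name__ == "__main__":
    doc, digest = load_sbom(SAMPLE_SBOM)
    print("original sha256:", digest)
    print("search hit:", [c["purl"] for c in find_components(doc, "pkg:npm/example-http")])
    for vid, (state, purls) in vex_summary(doc).items():
        print(f"{vid}: {state} -> {purls}")
    print("open items:", open_items(doc))
```

Two design points carry over to any SBOM store: keep a digest of the document exactly as received, separate from any augmented copy, and treat a vulnerability with no VEX statement as open rather than closed, since the absence of an analysis block is the common case for a freshly generated SBOM.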
Distribute
Share or send SBOMs as PDFs and data files. Share SBOMs with your customers, regulators, and certification bodies.