SBOMs, vulnerabilities, license compliance, and risk reduction
These areas are available from the main navigation for your organization and, where applicable, per project and branch.
SBOMs
- Organization SBOMs — List and open SBOM reports across the org.
- Project SBOMs — When you are inside a project, SBOM views are scoped to the selected ref.
For how SBOMs are produced in CI (packages, Yocto, offline flows), see Identify.
Vulnerabilities
Organization- and project-level views show vulnerability information derived from your SBOMs and configuration. Use the Git ref context when you need results for a specific line of development.
License compliance
Organization- and project-level License compliance views reflect your license policy and findings. Policy editing is under Settings → License Compliance (License compliance policy).
Risk reduction
Risk reduction opens the analyses and reports your organization has access to (for example, binary risk workflows where enabled). Use the in-app navigation for the latest report types and drill-downs.