Supply Chain Security Tools - Store saves software bills of materials (SBoMs) to a database and allows you to query for image, source, package, and vulnerability relationships. It integrates with Supply Chain Security Tools - Scan to automatically store the resulting source and image vulnerability reports.

Supply Chain Security Tools - Store has three components:

  • Postgres database
  • API
  • CLI (insight)


Supply Chain Security Tools - Store is released as an individual Tanzu Application Platform component.

To install, see Install Supply Chain Security Tools - Store. It will install the Postgres database and an API backend.

Note: the insight CLI requires a separate installation

For more information, see Deployment Details.

Set Up


The following steps are required to use the API or CLI:


The insight CLI is not required but may provide an easier-to-use interface than the API.

Note: the insight CLI is separate from the tanzu CLI. It will be added as a tanzu CLI plugin in a future release


Adding Data

See adding data to post CycloneDX scan reports to the Supply Chain Security Tools - Store

Querying Data

See querying data understand vulnerability, image, and dependency relationships

Known Issues

See Troubleshooting and Known Issues.

check-circle-line exclamation-circle-line close-line
Scroll to top icon