Supply Chain Security Tools for Tanzu – Store

Supply Chain Security Tools - Store saves software bills of materials (SBoMs) to a database and allows you to query for image, source code, package, and vulnerability relationships. It integrates with Supply Chain Security Tools - Scan to automatically store the resulting source code and image vulnerability reports. It accepts CycloneDX input and outputs in both human-readable and machine-readable formats, including JSON, text, and CycloneDX.

The following is a four-minute demo of scanning an image for CVEs and querying the database for CVEs and dependencies.

Using the Tanzu Insight CLI plug-in

The Tanzu Insight CLI plug-in is the primary way to view the results that Supply Chain Security Tools - Scan produces for source code and image files. Use it to query by source code commit, image digest, or CVE identifier to understand security risks.
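The relationships the Store keeps (image to packages to vulnerabilities, queried by image digest or CVE identifier) are easiest to understand with a small in-memory model. The example below is an added illustration, not code from the Store or the Tanzu Insight plug-in: it ingests a constructed CycloneDX 1.4 JSON document for a hypothetical image, indexes the image, package and vulnerability relationships, and answers the same kinds of questions the paragraphs above describe, emitting a text or JSON report. The `SbomStore` class, the image name `example.test/app`, the digest and the `CVE-0000-000x` identifiers are all placeholders constructed for the example.

```python
"""Index a CycloneDX SBOM so it can be queried by image digest, package and CVE."""
import json
from collections import defaultdict

# Constructed sample: a CycloneDX 1.4 JSON document for a hypothetical image.
# Digest and CVE identifiers are placeholders, not real values.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "component": {
            "type": "container",
            "name": "example.test/app",
            "version": "sha256:0000000000000000000000000000000000000000000000000000000000000001",
            "bom-ref": "image-1",
        }
    },
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "bom-ref": "pkg-openssl", "purl": "pkg:deb/debian/openssl@1.1.1k"},
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "bom-ref": "pkg-zlib", "purl": "pkg:deb/debian/zlib@1.2.11"},
    ],
    "vulnerabilities": [
        {"id": "CVE-0000-0001", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg-openssl"}]},
        {"id": "CVE-0000-0002", "ratings": [{"severity": "medium"}],
         "affects": [{"ref": "pkg-openssl"}, {"ref": "pkg-zlib"}]},
    ],
})


class SbomStore:
    """Hypothetical in-memory stand-in for the Store's database."""

    def __init__(self):
        self.images = {}                        # digest -> image name
        self.image_packages = defaultdict(set)  # digest -> {purl}
        self.package_cves = defaultdict(set)    # purl -> {CVE id}
        self.cve_severity = {}                  # CVE id -> severity string

    def ingest(self, sbom_json):
        """Parse one CycloneDX document and record its relationships; returns the image digest."""
        bom = json.loads(sbom_json)
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError("only CycloneDX input is accepted")
        image = bom["metadata"]["component"]
        digest = image["version"]
        self.images[digest] = image["name"]
        ref_to_purl = {}
        for comp in bom.get("components", []):
            purl = comp.get("purl") or f"{comp['name']}@{comp['version']}"
            ref_to_purl[comp["bom-ref"]] = purl
            self.image_packages[digest].add(purl)
        for vuln in bom.get("vulnerabilities", []):
            cve = vuln["id"]
            ratings = vuln.get("ratings") or [{}]
            self.cve_severity[cve] = ratings[0].get("severity", "unknown")
            for affected in vuln.get("affects", []):
                purl = ref_to_purl.get(affected["ref"])
                if purl is None:
                    continue  # dangling bom-ref: skip it rather than abort the whole import
                self.package_cves[purl].add(cve)
        return digest

    def packages_for_image(self, digest):
        return sorted(self.image_packages.get(digest, ()))

    def cves_for_image(self, digest):
        cves = set()
        for purl in self.image_packages.get(digest, ()):
            cves |= self.package_cves.get(purl, set())
        return sorted(cves)

    def images_for_cve(self, cve):
        """All image digests that contain at least one package affected by the CVE."""
        return sorted(digest for digest, purls in self.image_packages.items()
                      if any(cve in self.package_cves.get(p, ()) for p in purls))

    def report(self, digest, fmt="text"):
        """Human-readable (text) or machine-readable (json) view of one image."""
        rows = [(p, sorted(self.package_cves.get(p, ()))) for p in self.packages_for_image(digest)]
        if fmt == "json":
            return json.dumps({"image": digest,
                               "packages": [{"purl": p, "cves": c} for p, c in rows]})
        lines = [f"image {digest} ({self.images.get(digest, 'unknown')})"]
        for purl, cves in rows:
            lines.append(f"  {purl}: {', '.join(cves) or 'no known CVEs'}")
        return "\n".join(lines)


if __name__ == "__main__":
    store = SbomStore()
    digest = store.ingest(SAMPLE_SBOM)
    print(store.report(digest))
    print(store.images_for_cve("CVE-0000-0002"))
```

The lookups mirror the three query axes named above (image digest, package, CVE identifier); a source-commit axis would be another key on the same package set. The dangling `bom-ref` check matters in practice, because a scanner that emits a vulnerability for a component it did not list should not abort the whole import.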

See Tanzu Insight plug-in overview to install, configure, and use tanzu insight.

Multicluster configuration

See Ingress and multicluster support for information about how to set up Supply Chain Security Tools - Scan and Supply Chain Security Tools - Store to work together in a multicluster setup.

Additional documentation

Additional documentation includes information about the API, deployment details and configuration, AWS RDS configuration, other database backup recommendations, known issues, and other topics.
