Software Bill of Materials (SBOM)
Last updated
Arnica's SBOM page provides a comprehensive list of all packages used within your source code. The SBOM inventory page is filterable, searchable, and exportable in enriched CycloneDX format. The SBOM page consists of inventory views for all repositories integrated with Arnica, updated weekly on free plans and daily for all tiers Team and above.
Arnica's SBOM shows top-level package and CVE counts for each repo within your organization. Expanding a repository provides file- and package-level detail for each included package. This detail includes enriched context such as the package's license type, OpenSSF Scorecard rating, number of stars, and reputation trend.
Arnica's SBOM page is fully filterable and searchable. To filter down to a specific resource, select the "Asset" column header. There you can filter by SCM, Org, Project, Repo, and Branch.
You can easily search for assets, packages, or licenses in use by using the search bar. The findings displayed in the table will be limited to only those that include the search string. For example, when searching for "LGPL", the table will display only packages that use the LGPL license type. When expanding the dependency lists of repositories that use both LGPL and other licenses, the drop-down list will display only those that match the search criteria.
Filters on the SBOM page are applied independently of the search input; the table shows the combined result of both.
Arnica's SBOM report is exportable as a .json file and conforms to the CycloneDX format, enriched with all CVE and package reputation detail displayed within the page. To export SBOM artifacts, select the repositories you would like included in the export and click the "Download SBOMs For Selected" button in the upper right-hand corner.
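The same license search described above can be run offline against an exported CycloneDX JSON file. This is an added example, not Arnica's code: it uses only standard CycloneDX 1.4 fields (components, licenses, vulnerabilities/affects), the SBOM content and CVE ids are constructed placeholders, and Arnica's vendor-specific enrichment fields are not modeled.

```python
import json
from collections import Counter

# Constructed sample of a CycloneDX 1.4 JSON SBOM (not a real Arnica export);
# package names and CVE ids are placeholders.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "bom-ref": "pkg:npm/left-pad@1.3.0", "name": "left-pad",
         "version": "1.3.0", "licenses": [{"license": {"id": "WTFPL"}}]},
        {"type": "library", "bom-ref": "pkg:pypi/example-lgpl@2.0.0", "name": "example-lgpl",
         "version": "2.0.0", "licenses": [{"license": {"id": "LGPL-2.1-only"}}]},
        # Free-text license name instead of an SPDX id: a common real-world inconsistency.
        {"type": "library", "bom-ref": "pkg:maven/org.example/widget@0.9", "name": "widget",
         "version": "0.9", "licenses": [{"license": {"name": "GNU Lesser General Public License v3"}}]},
    ],
    "vulnerabilities": [
        {"id": "CVE-0000-0001", "affects": [{"ref": "pkg:pypi/example-lgpl@2.0.0"}]},
        {"id": "CVE-0000-0002", "affects": [{"ref": "pkg:pypi/example-lgpl@2.0.0"}]},
    ],
})


def component_licenses(component):
    """Return license strings for a component (SPDX id, or free-text name as fallback)."""
    names = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        names.append(lic.get("id") or lic.get("name") or "")
    return names


def filter_components(sbom_json, search):
    """Mimic the page's search box: keep components whose name or license contains `search`."""
    bom = json.loads(sbom_json)
    needle = search.lower()
    # Count CVEs per bom-ref so each hit carries the vulnerability count shown in the inventory.
    cve_counts = Counter(
        aff["ref"] for vuln in bom.get("vulnerabilities", []) for aff in vuln.get("affects", [])
    )
    hits = []
    for comp in bom.get("components", []):
        haystack = [comp.get("name", "")] + component_licenses(comp)
        if any(needle in field.lower() for field in haystack):
            hits.append({
                "name": comp["name"], "version": comp.get("version"),
                "licenses": component_licenses(comp),
                "cve_count": cve_counts.get(comp.get("bom-ref"), 0),
            })
    return hits
```

Note that a substring search for "LGPL" misses the component whose license is recorded only as the free-text name "GNU Lesser General Public License v3", so normalising license names to SPDX ids before searching is worth doing when auditing an export.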