Supply Chain assets

Cortex Cloud Posture Management Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Posture Management
Creation date: 2025-01-22
Last date published: 2026-06-10
Category: Administrator Guide
Abstract

Manage software supply chain assets like VCS organizations, code identities, and CI/CD pipelines to gain deep visibility and remediate risks directly.

Software supply chain assets are the foundational systems, components, tools, and identities used to construct and deliver your software artifacts. Maintaining a comprehensive inventory of these assets is critical for understanding your environment and securing the SDLC.

Your supply chain asset inventory includes:

  • Collaborators: The human and non-human code identities that have access to and interact with your development systems.

  • VCS organizations and repositories: The top-level structures within version control platforms and the specific repositories containing your code. This includes the specific technologies used within your repositories, such as Python, infrastructure and configuration files (such as Dockerfiles and Terraform), and package manager files (such as package.json and go.mod).

  • CI/CD instances and pipelines: The infrastructure and automated workflows that build, test, and deploy your software.

  • Software packages: The open-source dependencies and third-party libraries ingested into your application code.

  • Supply chain tools: The CI/CD pipeline tools and VCS applications integrated into your environment. This inventory provides a centralized location to manage third-party integrations, review usage evidence, and assess risks (including creator and category details). You can filter tools by status (approved, rejected, uncategorized) to ensure policy adherence and prioritize remediation.

Comprehensive visibility into these assets allows you to accurately map your entire software development environment. Additionally, these inventories display the specific risks identified through supply chain security scans, enabling you to investigate and remediate vulnerabilities, pipeline risks, and misconfigurations directly from the dedicated asset views.