Provides visibility into supply chain security, including external tools integrated with your development pipeline and a catalog of known supply chain components.
External security tools integrated with your development pipeline (e.g., SonarQube, Snyk, Semgrep, Veracode, 3rd Party AppSec Collector). Shows tool status, risk factors, permissions, and version information. To access Supply Chain Tools, go to → → →
For more information, see Supply Chain Inventories.
| Permission | Description | Roles Example |
|---|---|---|
| None | No access to Supply Chain Tools. | SOC Tier-1 and Tier-2 Analysts: Supply chain data is rarely needed for incident investigation at these tiers. |
| View | Read-only access to supply chain tools data. Users can browse, filter, and view tool details. They cannot add, configure, or remove tools. | |
| View/Edit | Full access to manage supply chain tools. Includes all View capabilities plus: add new tools, configure tool settings, remove tools, and manage tool integrations. | Security Engineer: Manages supply chain tool integrations. |
A catalog of known supply chain components and their security status, including pipeline tools discovered across CI/CD configurations. To access the Supply Chain Catalog, go to → → → .
For more information, see Supply Chain Inventories.
| Permission | Description | Roles Example |
|---|---|---|
| None | No access to Supply Chain Catalog. | SOC Tier-1 and Tier-2 Analysts: Supply chain data is rarely needed for incident investigation at these tiers. |
| View | Read-only access to the supply chain catalog. Users can browse, filter, and view catalog entries. They cannot update or manage catalog entries. | |
| View/Edit | Full access to manage the supply chain catalog. Includes all View capabilities plus: update catalog entries and manage catalog data. | Security Engineer: Reviews the catalog for risk assessment. |