Supply Chain: Gain full visibility by tracking detected tools in your environment and cross-referencing them against a catalog of Cortex-recognized, trusted technologies.
The Software supply chain tool inventory provides comprehensive visibility into the tools, services, and third-party integrations that operate across your software development and delivery processes. It includes two complementary inventories:
Supply Chain Tools: Lists tools and their associated risk factors detected in your environment
Supply Chain Catalog: Cortex XSIAM's centralized registry of recognized supply-chain tools and their associated risk factors
Together, these inventories allow you to assess tool usage, coverage, and security posture—identifying unused, vulnerable, or unapproved tools before they expand your attack surface.
Execution environments
Cortex XSIAM supports these Supply Chain Tool execution environments:
Third party pipelines: Third-party plugins integrated with Cortex XSIAM provide visibility into installations, locations, and CVE vulnerabilities within your pipeline environment. This allows for prioritized remediation, reducing your attack surface by identifying and removing unused or vulnerable plugins.
Supported pipeline environments include:
GitHub Actions
Jenkins plugins
CircleCI Orbs
Azure Extensions
Additionally, these pipelines often incorporate third-party executables into their workflows. Cortex XSIAM offers enhanced visibility into these third-party services, transforming unreadable data into actionable insights for improved security posture.
VCS third parties (VCS Apps): Third-party applications and webhooks in your version control system. The inventory enables removal of unused assets, management of permissions, and adherence to the principle of least privilege.
Executables: Standalone programs or scripts executed within your CI/CD pipelines. These may include custom scripts, third-party command-line tools, or other executable files. The inventory provides insights into their usage, deployment locations, and potential security risks.
Remote Scripts (URL): Executable scripts fetched from a remote URL during pipeline execution. The inventory provides insights into their origin, usage, and potential security risks, addressing the unique challenges of untrusted remote code.
Webhooks: Automated, event-driven communications that trigger actions across your CI/CD pipeline and integrated services. Cortex XSIAM provides an inventory of these webhooks, enabling you to assess their usage, coverage, and potential security risks.
Tool status
Tools are categorized by status: Approved, Pending Review, or Rejected (but still in use). When initially detected, tools are assigned the Pending Review status by default, and further action is required to change the status to Approved or Rejected. Rejected does not mean the tool is no longer in use; it allows application security practitioners and DevOpsSec personnel to search for and remove these tools as needed.
You can modify the tool status by right-clicking a tool in either the Supply Chain Tools or the Supply Chain Catalog inventory:
In the inventory table, → →
From the Overview tab on the Supply Chain side-panel.
Initial selection: Select a status from the available options.
When modifying a previous selection: Select →
For information about changing a tool status, refer to Overview.
Using the inventories
Use Supply Chain Tools to view and manage tools detected in your environment, review usage, and prioritize remediation.
Use the Supply Chain Catalog to cross-reference detected tools against Cortex XSIAM-supported ones, identify coverage gaps, and evaluate risk before integrating new tools or replacing existing ones.
Note
Although attributes are identical across inventories, their values for the same tool can differ, most commonly in Risk Factors and Type. This is because the inventory reflects your live environment, which may include different versions or configurations than the catalog—for example, a package may not have been upgraded or may be deployed differently.
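The cross-reference described above, as an added illustration that is not part of Cortex XSIAM or its API: detected tools are matched against a catalog by execution environment and name, new detections default to Pending Review, Rejected tools that are still in use are flagged for removal, and live Risk Factors and Type values are compared against the catalog. The record layout and the sample tools are constructed for the example.

```python
# Constructed sample data; field names are an assumption, not the Cortex XSIAM schema.
CATALOG = {
    ("GitHub Actions", "actions/checkout"): {"type": "Action", "risk_factors": set()},
    ("Jenkins plugins", "git"): {"type": "Plugin", "risk_factors": {"Known CVE"}},
    ("Executables", "curl"): {"type": "CLI tool", "risk_factors": set()},
}

DETECTED = [
    {"env": "GitHub Actions", "name": "actions/checkout", "type": "Action",
     "risk_factors": set(), "status": None},                      # newly detected
    {"env": "Jenkins plugins", "name": "git", "type": "Plugin",
     "risk_factors": {"Known CVE", "Outdated version"}, "status": "Rejected"},
    {"env": "Remote Scripts (URL)", "name": "https://example.invalid/install.sh",
     "type": "Script", "risk_factors": {"Untrusted remote code"}, "status": None},
]

DEFAULT_STATUS = "Pending Review"   # assigned until a reviewer approves or rejects


def reconcile(detected, catalog):
    """Return (name, status, finding) for each detected tool."""
    findings = []
    for tool in detected:
        status = tool["status"] or DEFAULT_STATUS
        entry = catalog.get((tool["env"], tool["name"]))
        if entry is None:
            # Coverage gap: the live environment runs something the catalog does not know.
            findings.append((tool["name"], status, "coverage gap: not in catalog"))
            continue
        notes = []
        if status == "Rejected":
            # Rejected does not mean removed; surface it so it can be searched for and removed.
            notes.append("rejected but still in use")
        if tool["type"] != entry["type"]:
            notes.append(f"type {tool['type']!r} differs from catalog {entry['type']!r}")
        # Live deployments may carry risk factors the catalog entry lacks (e.g. not upgraded).
        extra = tool["risk_factors"] - entry["risk_factors"]
        if extra:
            notes.append("extra risk factors: " + ", ".join(sorted(extra)))
        findings.append((tool["name"], status, "; ".join(notes) or "matches catalog"))
    return findings


if __name__ == "__main__":
    for name, status, finding in reconcile(DETECTED, CATALOG):
        print(f"{name:40} {status:15} {finding}")
```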