How does MAIA keep track of SBOM history?

Updated: 2024-11-16 MAIA

An SBOM refers to a software artifact: a library, an application, firmware, etc. When such an artifact is registered, it is assigned a Product identity, which is the combination of group (vendor) and name.

Example: An SBOM representing the application com.t2data/epss_cloud@1.3.4 gets the product identity com.t2data/epss_cloud. If the product exists, the artifact will be assigned to it. If not, a new product is created.

When opening the product show page, a table presents all artifacts and versions registered by the system.

For SBOMs, the history is also controlled by the collection of Tags.

For an SBOM to have a reference to a previous version of the same software, both the product identity and the tag collection must correspond.
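
The matching rule described above, as an added example that is not MAIA's own code: a small in-memory model that derives the product identity from a group/name@version coordinate, assigns the artifact to an existing or new product, and returns the earlier artifact it would be compared against. It assumes that "correspond" means the two tag collections are equal and that "previous" means the most recently registered match; `Registry`, `parse_coordinate`, the tag names and every version other than 1.3.4 are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    group: str
    name: str
    version: str
    tags: frozenset = frozenset()

    @property
    def product_identity(self):
        # Product identity = group (vendor) + name; the version is not part of it.
        return f"{self.group}/{self.name}"


def parse_coordinate(coordinate, tags=()):
    """Split 'group/name@version', the form used in the example on this page."""
    ident, at, version = coordinate.rpartition("@")
    group, slash, name = ident.partition("/")
    if not (at and slash and group and name and version):
        raise ValueError(f"expected group/name@version, got {coordinate!r}")
    return Artifact(group, name, version, frozenset(tags))


class Registry:
    """Hypothetical stand-in for the product table (not a MAIA API)."""

    def __init__(self):
        self.products = {}  # product identity -> artifacts in registration order

    def register(self, artifact):
        """Assign the artifact to its product, creating the product if needed.

        Returns the latest earlier artifact that has the same identity AND an
        equal tag collection (assumed meaning of "correspond"), or None.
        """
        history = self.products.setdefault(artifact.product_identity, [])
        previous = next((a for a in reversed(history) if a.tags == artifact.tags), None)
        history.append(artifact)
        return previous


# Constructed sample registrations; tag names and later versions are made up.
registry = Registry()
first = registry.register(parse_coordinate("com.t2data/epss_cloud@1.3.4", ["prod"]))
other = registry.register(parse_coordinate("com.t2data/epss_cloud@1.3.5", ["staging"]))
match = registry.register(parse_coordinate("com.t2data/epss_cloud@1.4.0", ["prod"]))
```

In this model a pipeline that changes the tags between uploads starts a new history line even though the product identity is unchanged, which is why the second registration has no previous version.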