SBOMs

Coana makes it easy to generate CycloneDX-compatible Software Bill of Materials (SBOMs) for your projects.

These SBOMs are enhanced with VEX (Vulnerability Exploitability eXchange) data, providing detailed information about the exploitability of vulnerabilities.

For instance, if Coana determines that a vulnerability is “not reachable”, it will classify the analysis state as not_affected, with the justification code_not_reachable.

To create an SBOM, follow these steps:

1. Open the report you wish to use for the SBOM.
2. Click the ellipsis menu in the top-right corner.
3. Select “Generate SBOM” from the menu options.