SBOMs
Coana makes it easy to generate CycloneDX-compatible Software Bill of Materials (SBOMs) for your projects.
These SBOMs are enhanced with VEX (Vulnerability Exploitability eXchange) data, providing detailed information about the exploitability of vulnerabilities.
For instance, if Coana determines that a vulnerability is "not reachable", it will classify the analysis state as `not_affected`, with the justification `code_not_reachable`.
To create an SBOM, follow these steps:
- Open the report you wish to use for the SBOM.
- Click the ellipsis menu in the top-right corner.
- Select “Generate SBOM” from the menu options.
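
To act on the VEX data described above, a consumer can split the SBOM's vulnerabilities by analysis state. The following is an added example, not Coana's own code: it assumes the exported file is CycloneDX JSON using the standard `vulnerabilities[].analysis` fields, and the embedded sample document (component names, vulnerability ids) is constructed for illustration.

```python
import json

# Constructed sample: a minimal CycloneDX document with VEX analysis data.
# Component names, versions and vulnerability ids are placeholders.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:npm/example-a@1.0.0", "name": "example-a", "version": "1.0.0"},
        {"bom-ref": "pkg:npm/example-b@2.3.1", "name": "example-b", "version": "2.3.1"},
    ],
    "vulnerabilities": [
        {"id": "VULN-PLACEHOLDER-1", "affects": [{"ref": "pkg:npm/example-a@1.0.0"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        {"id": "VULN-PLACEHOLDER-2", "affects": [{"ref": "pkg:npm/example-b@2.3.1"}],
         "analysis": {"state": "exploitable"}},
        # No analysis block, and a ref that matches no listed component.
        {"id": "VULN-PLACEHOLDER-3", "affects": [{"ref": "pkg:npm/unknown@0.0.1"}]},
        {"id": "VULN-PLACEHOLDER-4", "affects": [{"ref": "pkg:npm/example-b@2.3.1"}],
         "analysis": {"state": "not_affected"}},
    ],
})

def triage(sbom_text):
    """Split vulnerabilities into those VEX marks unreachable and those needing review."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    names = {c["bom-ref"]: f'{c["name"]}@{c.get("version", "?")}'
             for c in bom.get("components", []) if "bom-ref" in c}
    unreachable, review = [], []
    for vuln in bom.get("vulnerabilities", []):
        analysis = vuln.get("analysis") or {}
        # Unresolved refs are kept verbatim rather than dropped.
        affected = [names.get(a.get("ref"), a.get("ref")) for a in vuln.get("affects", [])]
        entry = (vuln.get("id"), analysis.get("state", "unanalyzed"), affected)
        # Only the exact state/justification pair counts; a bare not_affected
        # with no stated reason still goes to review.
        if (analysis.get("state") == "not_affected"
                and analysis.get("justification") == "code_not_reachable"):
            unreachable.append(entry)
        else:
            review.append(entry)
    return unreachable, review

if __name__ == "__main__":
    for label, rows in zip(("unreachable", "review"), triage(SAMPLE_SBOM)):
        for vid, state, affected in rows:
            print(f"{label:12} {vid:20} {state:13} {', '.join(affected)}")
```

Entries with no analysis block, or with `not_affected` but no justification, are routed to review so that a missing VEX statement is never read as "safe".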