Where is SBOM data surfaced in GitHub to aid vulnerability assessment and supply chain risk analysis?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

Where is SBOM data surfaced in GitHub to aid vulnerability assessment and supply chain risk analysis?

Explanation:
SBOM data is surfaced in GitHub within the Security area, the part of a repository dedicated to security-related information: Dependabot alerts, code scanning and secret scanning results, and the dependency data from which the Software Bill of Materials is produced. In practice the SBOM is an export of the dependency graph (the Export SBOM button under Insights > Dependency graph, or the REST API endpoint GET /repos/{owner}/{repo}/dependency-graph/sbom, which returns an SPDX JSON document), and that same graph is what Dependabot matches against the GitHub Advisory Database to raise alerts in the Security tab. Having the SBOM lets you see exactly which components and versions are included, map them to known CVEs and GHSA advisories, and assess supply chain risk as part of vulnerability management. The Insights dashboard as a whole is focused on project analytics (traffic, contributors, commit activity), the Actions tab on CI/CD workflows, and the Notifications panel on alerts and messages; none of these is the surface GitHub dedicates to vulnerability assessment and supply chain risk analysis.
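As an added example that is not part of the original page and not GitHub's own tooling, the script below reads an SPDX SBOM in the shape GitHub's export endpoint returns (a wrapper object with an "sbom" key, each package carrying a purl in externalRefs), extracts every component's ecosystem, name and version from the purl, and matches them against an advisory list. The SBOM contents, the package names and the advisory entries (with placeholder IDs) are all constructed for this example; the advisory list is a stand-in for the GitHub Advisory Database, and the version ordering is a deliberate simplification.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the SPDX JSON returned by GitHub's
# GET /repos/{owner}/{repo}/dependency-graph/sbom endpoint. The repository
# name, package names and versions are invented for this example.
SAMPLE_SBOM = json.dumps({
    "sbom": {
        "SPDXID": "SPDXRef-DOCUMENT",
        "spdxVersion": "SPDX-2.3",
        "name": "com.github.example-org/example-webapp",
        "packages": [
            # Root package for the repository itself: no purl, so it is skipped.
            {"SPDXID": "SPDXRef-root", "name": "com.github.example-org/example-webapp",
             "versionInfo": "main"},
            {"SPDXID": "SPDXRef-npm-example-parser-1.2.0", "name": "npm:example-parser",
             "versionInfo": "1.2.0",
             "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                               "referenceType": "purl",
                               "referenceLocator": "pkg:npm/example-parser@1.2.0"}]},
            {"SPDXID": "SPDXRef-pip-example-client-2.31.0", "name": "pip:example-client",
             "versionInfo": "2.31.0",
             "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                               "referenceType": "purl",
                               "referenceLocator": "pkg:pypi/example-client@2.31.0"}]},
            {"SPDXID": "SPDXRef-npm-example-args-0.0.8", "name": "npm:example-args",
             "versionInfo": "0.0.8",
             "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                               "referenceType": "purl",
                               "referenceLocator": "pkg:npm/example-args@0.0.8"}]},
        ],
    }
})

# Constructed advisory list standing in for the GitHub Advisory Database.
# The IDs are placeholders, not real GHSA or CVE identifiers.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "purl_type": "npm", "name": "example-parser",
     "introduced": "1.0.0", "fixed": "1.2.1", "severity": "high"},
    {"id": "EXAMPLE-ADV-0002", "purl_type": "npm", "name": "example-args",
     "introduced": "0.0.0", "fixed": "1.2.6", "severity": "critical"},
    # Same package name in a different ecosystem: must not match the npm one.
    {"id": "EXAMPLE-ADV-0003", "purl_type": "pypi", "name": "example-parser",
     "introduced": "0.0.0", "fixed": "9.9.9", "severity": "low"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def version_key(version: str) -> Tuple[int, ...]:
    """Order dotted numeric versions; non-numeric segments sort lowest.

    Sufficient for this example only. Real matching must use the ecosystem's
    own rules (semver for npm, PEP 440 for PyPI, Maven ordering for Java).
    """
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def parse_purl(locator: str) -> Optional[Tuple[str, str, str]]:
    """Split 'pkg:type/[namespace/]name@version' into (type, name, version)."""
    if not locator.startswith("pkg:") or "@" not in locator:
        return None
    purl_type, _, rest = locator[len("pkg:"):].partition("/")
    name, _, version = rest.rpartition("@")
    if not (purl_type and name and version):
        return None
    return purl_type, name, version


def load_components(sbom_json: str) -> List[Dict[str, str]]:
    """Return every package in the SBOM that carries a purl external reference."""
    doc = json.loads(sbom_json)
    sbom = doc.get("sbom", doc)  # accept the API wrapper or a bare SPDX document
    components = []
    for pkg in sbom.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") != "purl":
                continue
            parsed = parse_purl(ref["referenceLocator"])
            if parsed:
                purl_type, name, version = parsed
                components.append({"spdx_id": pkg["SPDXID"], "purl_type": purl_type,
                                   "name": name, "version": version})
    return components


def find_vulnerable(components: List[Dict[str, str]],
                    advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Report components whose ecosystem and name match an advisory and whose
    version lies in [introduced, fixed). Sorted by severity, most severe first."""
    findings = []
    for comp in components:
        v = version_key(comp["version"])
        for adv in advisories:
            if (adv["purl_type"], adv["name"]) != (comp["purl_type"], comp["name"]):
                continue
            if version_key(adv["introduced"]) <= v < version_key(adv["fixed"]):
                findings.append({**comp, "advisory": adv["id"],
                                 "severity": adv["severity"], "fixed": adv["fixed"]})
    return sorted(findings, key=lambda f: (SEVERITY_RANK.get(f["severity"], 9), f["name"]))


if __name__ == "__main__":
    for f in find_vulnerable(load_components(SAMPLE_SBOM), SAMPLE_ADVISORIES):
        print(f"{f['severity']:<8} {f['purl_type']}:{f['name']}@{f['version']} "
              f"-> {f['advisory']} (fixed in {f['fixed']})")
```

To run this against a real repository, replace SAMPLE_SBOM with the output of `gh api repos/OWNER/REPO/dependency-graph/sbom` and feed in advisories from the GitHub Advisory Database or OSV; at that point version_key must give way to the ecosystem's own ordering rules, and the match on (ecosystem, name) is what keeps an npm advisory from being applied to a same-named PyPI package.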
