Where is the SBOM stored after generation?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

Where is the SBOM stored after generation?

Explanation:
The SBOM is stored with the scan results because it’s intended to accompany a specific scan run. An SBOM enumerates the exact components and versions that were present in that build, so keeping it tied to the corresponding scan results preserves the precise context needed for traceability, auditing, and vulnerability correlation. Attaching the SBOM as part of the scan’s artifacts lets you download and review both the findings and the component list together, ensuring you can verify which components were present when the results were generated. Storing it separately or committing it to the repository can easily desynchronize the SBOM from the particular scan it describes, making it harder to align components with findings.