Viewing and Analyzing SBOMs
The Bill of Materials (BOM) view is the central workspace for examining, analyzing, and managing your SBOM data. This comprehensive interface provides multiple perspectives on your software components, licenses, and vulnerabilities.
SBOM Interface Overview
When you open an SBOM, you'll see three main sections accessible via tabs:
- Dashboard - Visual analytics and KPIs
- Components - Detailed component listing and management
- File Map - Hierarchical file structure visualization
Dashboard
The Dashboard provides a visual overview of your SBOM with charts and metrics.
Counter Cards
At the top of the dashboard, summary cards display key metrics:
- Components - Total third-party components detected
- Files - Number of files scanned
- Licenses - Count of distinct licenses
- Vulnerabilities - Total vulnerabilities found
Metadata
- Created - SBOM creation date and time
- Updated - Last modification timestamp
Visualizations
Files by Source
Chart Type: Histogram
Shows distribution of files by their detection source:
- SCA - Detected via CAST SCA database
- LOCAL - Locally cataloged components
- CATALOG - From the central catalog
- PREVIOUS - Carried over from previous SBOM version
- IMPORT - Imported from external SBOM
Components by Category
Chart Type: Bar Chart
Breakdown of components by classification:
- Open Source - Third-party open source components
- Proprietary - Internal/proprietary components
- Excluded - Explicitly excluded from analysis
- Sandbox - Components under review
- Undefined - Uncategorized components
Components by Obsolescence
Chart Type: Waffle Chart
Visual representation of component version freshness:
- Up to Date - Running latest version
- Low - Slightly outdated (minor versions behind)
- Medium - Moderately outdated
- High - Significantly outdated
- Outdated - Very old version
- Unknown - Version status unknown
Components by Compliance
Chart Type: Histogram
License policy compliance status:
- Compliant - Meets license policy requirements
- Conditional - Compliant under certain conditions
- Non-Compliant - Violates license policy
- No License - No license detected
- Unknown - Compliance status unknown
Components by Vulnerability
Chart Type: Histogram
Vulnerability severity distribution:
- Critical - Severe vulnerabilities requiring immediate attention
- High - Important security issues
- Medium - Moderate risk vulnerabilities
- Low - Minor security concerns
- None - No known vulnerabilities
- Unknown - Vulnerability status unknown
Top 10 Licenses
Chart Type: Bar Chart
Most frequently occurring licenses in your components.
Top 10 Programming Languages
Chart Type: Pie Chart
Distribution of programming languages across components.
Top 10 Topics
Chart Type: Bar Chart
Common topics or domains associated with your components (e.g., "web framework", "data visualization", "security").
Top 10 File Extensions
Chart Type: Pie Chart
Distribution of file types in the scanned codebase.
Components View
The Components view provides a detailed, sortable table of all components in your SBOM.
Category Filter
At the top of the view, select which component category to display:
- Open Source
- Proprietary
- Excluded
- Sandbox
- Undefined
Each category shows a badge with the component count.
Components Table
Table Columns
| Column | Description | Sortable |
|---|---|---|
| Name | Component name (clickable) | ✓ |
| SCA ID | CAST SCA identifier | ✓ |
| Version | Detected component version | ✓ |
| Latest | Latest available version | ✓ |
| Obsolescence | Version status badge | ✓ |
| Licenses | Associated licenses with compliance colors | ✓ |
| Vulnerabilities | Known vulnerabilities by severity | ✓ |
| Copyright | Copyright holder information | ✓ |
| Path | File system path | ✓ |
| Files | Number of associated files | ✓ |
| Source | Detection source | ✓ |
Column Customization
Click the column settings icon to show/hide columns based on your needs.
License Compliance Colors
Licenses are color-coded based on your selected license policy:
- Green - Compliant
- Orange - Conditional compliance
- Red - Non-compliant
- Gray - Unknown status
Vulnerability Severity Badges
Vulnerabilities display with color-coded severity:
- Purple - Critical
- Red - High
- Orange - Medium
- Yellow - Low
Sorting and Pagination
- Sorting - Click any column header to sort (click again to reverse)
- Pagination - Choose items per page: 10, 25, 50, or 100
- Page navigation - Use the pagination controls at the bottom
Component Actions
Per-Component Actions
Click the actions menu (three dots) for any component:
- Show Files - View all files associated with this component
- Edit Component - Modify component details, licenses, vulnerabilities
- Change Category - Move to different category
- Add to Catalog - Save component to central catalog for reuse
- Split Components - Divide component by extension, license, or path
- Delete Component (only if no files) - Remove component
Bulk Actions
Select multiple components using checkboxes, then use bulk actions:
- Change Category - Apply category to multiple components
- Split Components - Split all selected components
- Merge Components - Combine into a single component
- Add to Catalog - Add multiple components to catalog
File Map
The File Map provides an interactive visualization of your scanned file structure.
Three-Panel Layout
Left Panel - Tree View
Hierarchical folder/file structure:
- Expandable folders
- Selectable files
- Lazy-loaded for performance
Center Panel - Treemap Visualization
Canvas-based visualization where:
- Size represents file/folder size
- Color indicates license compliance:
  - Green - Compliant
  - Orange - Conditional
  - Red - Non-compliant
  - Gray - Unknown
  - Blue shades - Folders/directories
Click any node to:
- Select it in the tree view
- Display details in the right panel
Right Panel - Detail Card
For selected files:
- File path
- Associated component and category
- License information
- Edit button to modify file details
For selected folders:
- Folder name
- Folder icon
Navigation
- Click folders in the treemap to drill down
- Click the tree view to navigate
- Use breadcrumb path to go back up
SBOM Header Actions
At the top of any SBOM view:
- Export BOM - Export SBOM data in various formats
- License Policy - View/change the applied license policy
- Review Step - Track review workflow status
Understanding SBOM Status
Review Workflow
SBOMs can have different review steps to track the approval process. The current step is shown in the header.
License Policy
Each SBOM is associated with a license policy that defines which licenses are acceptable. The policy name is displayed in the header and affects compliance coloring throughout the interface.
Key Concepts
Obsolescence Levels
Indicates how outdated a component version is:
- Up to Date - Latest version or very recent
- Low - A few patch versions behind
- Medium - Multiple minor versions behind
- High - One or more major versions behind
- Outdated - Component abandoned (latest version is 5+ years old)
- Unknown - Version information unavailable
Vulnerability Severity
Based on CVSS (Common Vulnerability Scoring System) scores:
- Critical (9.0-10.0) - Requires immediate attention
- High (7.0-8.9) - Important security issues
- Medium (4.0-6.9) - Moderate risk
- Low (0.0-3.9) - Minor concerns
License Compliance
When a component has multiple licenses, the most restrictive status wins, in this order of precedence: Non-Compliant > Conditional > Unknown > Compliant.
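As an added worked example (not the product's own code), the three Key Concepts above expressed in Python: a version comparison that yields the obsolescence levels, the CVSS bands for vulnerability severity, and the most-restrictive rule for a component with several licenses. The exact version-gap thresholds, and applying the five-year abandonment cutoff to the latest release date, are assumptions, since the page gives only descriptions.

```python
from datetime import date

# Constructed example, not the product's own code. The page names the
# levels and bands; the exact version-gap thresholds are assumed here.
def parse_version(v):
    """Turn '1.2.3', '2.0' or 'v1.2.3' into a (major, minor, patch) tuple."""
    nums = []
    for part in v.split(".")[:3]:
        digits = "".join(ch for ch in part if ch.isdigit())
        nums.append(int(digits) if digits else 0)
    return tuple(nums + [0] * (3 - len(nums)))

def obsolescence(detected, latest, latest_release=None, today=None):
    """Map a detected/latest version pair to an obsolescence level."""
    if not detected or not latest:
        return "Unknown"
    today = today or date.today()
    # Outdated means abandoned: the latest release itself is 5+ years old
    if latest_release and (today - latest_release).days >= 5 * 365:
        return "Outdated"
    d, l = parse_version(detected), parse_version(latest)
    if d >= l:
        return "Up to Date"
    if d[0] < l[0]:
        return "High"    # one or more major versions behind
    if d[1] < l[1]:
        return "Medium"  # minor versions behind (assumed: any minor gap)
    return "Low"         # only patch versions behind

def cvss_severity(score):
    """CVSS base score -> severity band, using the page's ranges."""
    if score is None:
        return "Unknown"
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

# Precedence from the page: Non-Compliant > Conditional > Unknown > Compliant
COMPLIANCE_RANK = {"Non-Compliant": 3, "Conditional": 2, "Unknown": 1, "Compliant": 0}

def component_compliance(license_statuses):
    """Collapse a component's per-license statuses into the most restrictive one."""
    if not license_statuses:
        return "No License"
    return max(license_statuses, key=lambda s: COMPLIANCE_RANK.get(s, 1))
```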