Supply Chain Security Tools - Store saves software bills of materials (SBoMs) to a database and allows you to query for image, source, package, and vulnerability relationships. It integrates with Supply Chain Security Tools - Scan to automatically store the resulting source and image vulnerability reports.
Supply Chain Security Tools - Store has three components:
- Postgres database
- API
- CLI (insight)
Supply Chain Security Tools - Store is released as an individual Tanzu Application Platform component.
To install, see Install Supply Chain Security Tools - Store. It will install the Postgres database and an API backend.
Note: the insight CLI requires a separate installation.
For more information, see Deployment Details.
The following steps are required to use the API or CLI:
The insight CLI is not required but may provide an easier-to-use interface than the API.
Note: the insight CLI is separate from the tanzu CLI. It will be added as a tanzu CLI plugin in a future release.
See adding data to post CycloneDX scan reports to the Supply Chain Security Tools - Store.
See querying data to understand vulnerability, image, and dependency relationships.