Exports

PDF - All Scans

You can export a PDF containing information on all scans, from the Reports page.

The exported PDF has information on each scan, stating:

  • The repository and reference used for scanning
  • Workflow used
  • Threat, Secret and Vulnerability Status
  • License Risk
  • Remediation used
  • The date of the scan

PDF - Overview

You can export a PDF containing the overview of a specific scan, from the scan's report page.

The exported PDF has information on the specific scan, stating:

  • Name of the connection, repository and reference used for scanning
  • The scan's Threat, Secret and Vulnerability Status
  • Trigger event
  • Workflow used
  • Remediation used
  • Total file count
  • Files with issues count
  • Each file's Name and its Threat, Secret and Vulnerability Status, Hash and License Risk

PDF - SBOM

You can export a PDF containing the SBOM information of a specific scan, from the scan's report page.

The exported PDF has information on the specific scan, stating:

  • Name of the connection, repository and reference used for scanning
  • The scan's Threat, Secret and Vulnerability Status
  • Trigger event
  • Workflow used
  • Remediation used
  • Total package count
  • Vulnerable package count
  • Each package's Name, Version, Vulnerability (Id, Severity, Fixed Version, CWEs) and Licenses

CycloneDX

The exported file is in JSON format and adheres to the guidelines set by the official CycloneDX documentation. MDSSC uses the bom-1.6 schema and contains the following fields:

  • $schema
  • bomFormat
  • specVersion
  • version
  • metadata
  • tools
  • components
  • dependencies
  • vulnerabilities

SPDX

The exported file is in JSON-LD format and adheres to the SPDX 3.0.1 specification. It utilizes the software, security, and lite profiles to describe the components, their vulnerabilities, and associated licensing information.

Key fields in the document include:

  • @context: Specifies the JSON-LD context, pointing to the official SPDX 3.0 vocabulary.
  • @graph: An array that contains all the individual elements of the SBOM, such as packages, files, and vulnerabilities.
  • spdxId: A unique identifier for each element within the SBOM.
  • type: Defines the type of an element (e.g., SpdxDocument, software_Package, security_Vulnerability).
  • element: An array listing the spdxId of all elements that are part of a larger element, like an SpdxDocument.
  • externalIdentifier: Provides external references for an element, such as a CVE or CWE for a vulnerability.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Audit
On This Page
ExportsPDF - All ScansPDF - OverviewPDF - SBOMCycloneDXSPDX