
Viewing Software Bill of Materials(SBOM)

A Software Bill of Materials (SBOM) is a detailed inventory that includes all the third-party and open-source software components used in the product. FortiDevSec SBOM references page presents a complete list of all the software components used in your product and helps you easily track these components, their versions, and any security vulnerabilities they may have.

Perform the following steps to view the SBOM.

  1. In the FortiDevSec Dashboard > Applications, click See details for the desired application that contains the secret scan to view the scan details.

  2. In the scanned application details page, click SBOM.

  3. The SBOM References window is displayed. The components are grouped by ecosystem, and the following fields are displayed for each component.

    Field         Description
    Dependency    The name of the third-party library being used.
    Version       The version of the library being used.
    License       License information for the dependency. Licenses with known risks are highlighted.
    Vulnerable    Whether the library is vulnerable or non-vulnerable.
    Source File   The file path where the library name and version are declared and used.

  4. Click Export and choose CSV to save the list of all components as a CSV file for use in Microsoft Excel. Alternatively, select Cyclone DX to export the list in CycloneDX JSON format.

Viewing Dependency Chain Graph

The Dependency chain graph window offers a comprehensive view of your software component's dependency relationships. Analyze both direct and transitive dependencies to identify potential issues.

Perform the following steps to view the dependency chain graph.

  1. In the FortiDevSec Dashboard > Applications, click the desired application name or the vulnerability count of the application that contains the secret scan to view the scan details.

  2. Click SBOM in the SCA scanner widget. The SBOM References window is displayed.

  3. Select the software component and click Dependency graph.

  4. The following information is displayed in the Dependency chain graph window.

    Field               Description
    Package Name        Package name of the selected software component.
    Dependency type     Type of dependency, direct or transitive. If the selected software component is both a direct and a transitive dependency, transitive is displayed as the dependency type.
                        A direct dependency is a component that you directly reference in your code.
                        A transitive dependency is a component that your selected component indirectly relies on through its direct dependencies.
    Introduced through  Provides information about the path through which a package was introduced.
    Import path         Dependency chain graph for the selected package from the Introduced through section.
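The SBOM References fields and the Dependency chain graph information above can both be reconstructed from a CycloneDX JSON export. The following Python is an added example, not FortiDevSec code: it walks a constructed CycloneDX 1.4-style document, lists each component's version, licenses and vulnerability status, classifies it as direct or transitive (transitive when both apply, as stated above), and builds the introduced-through chain. The risky-license watch-list and the sample document are assumptions; the page does not say which licenses it highlights.

```python
import json
from collections import deque
# Constructed CycloneDX 1.4-style export (not a real FortiDevSec document); refs are purl strings.
SAMPLE_BOM = json.loads("""{
 "bomFormat": "CycloneDX", "specVersion": "1.4",
 "metadata": {"component": {"bom-ref": "app", "name": "app", "version": "1.0.0"}},
 "components": [
  {"bom-ref": "pkg:npm/express@4.17.1", "name": "express", "version": "4.17.1", "licenses": [{"license": {"id": "MIT"}}]},
  {"bom-ref": "pkg:npm/qs@6.5.2", "name": "qs", "version": "6.5.2", "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
  {"bom-ref": "pkg:npm/left-pad@1.3.0", "name": "left-pad", "version": "1.3.0", "licenses": [{"license": {"id": "WTFPL"}}]}
 ],
 "dependencies": [
  {"ref": "app", "dependsOn": ["pkg:npm/express@4.17.1", "pkg:npm/left-pad@1.3.0", "pkg:npm/qs@6.5.2"]},
  {"ref": "pkg:npm/express@4.17.1", "dependsOn": ["pkg:npm/qs@6.5.2"]}
 ],
 "vulnerabilities": [{"id": "EXAMPLE-0001", "affects": [{"ref": "pkg:npm/qs@6.5.2"}]}]
}""")
# Assumed watch-list for the "known risks" highlight; the page does not name its set.
RISKY_LICENSES = {"WTFPL", "AGPL-3.0-only"}

def shortest_paths(graph, root):
    """Breadth-first walk from the root; returns {ref: shortest [root, ..., ref] chain}."""
    paths, queue = {root: [root]}, deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in graph.get(cur, []):
            if nxt not in paths:
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    return paths

def sbom_report(bom):
    """Per component: SBOM References fields plus dependency type and introduced-through chain."""
    root = bom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    paths = shortest_paths(graph, root)
    vuln_refs = {a["ref"] for v in bom.get("vulnerabilities", []) for a in v.get("affects", [])}
    report = {}
    for c in bom.get("components", []):
        ref = c["bom-ref"]
        licenses = [l.get("expression") or l["license"].get("id") or l["license"].get("name", "?") for l in c.get("licenses", [])]
        # Reachable parents other than the root make it transitive; a component that is both is reported as transitive.
        via = sorted((p for p, deps in graph.items() if ref in deps and p != root and p in paths),
                     key=lambda p: len(paths[p]))
        chain = paths[via[0]] + [ref] if via else paths.get(ref, [])
        report[c["name"]] = {"version": c["version"], "license": licenses,
                             "license_risk": any(x in RISKY_LICENSES for x in licenses),
                             "vulnerable": ref in vuln_refs, "dependency_type": "transitive" if via else "direct",
                             "introduced_through": " > ".join(chain)}
    return report
```

In the sample, qs is referenced both directly by the application and through express, so it is reported as transitive with the express chain as its introduced-through path.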