GH-500 - Configure and use supply chain security - Section 3.1

Generate and interpret the dependency graph, and use SBOM export options, formats, and supply chain context.

Generate and interpret the GitHub dependency graph to understand a repository's transitive dependencies, and export a Software Bill of Materials (SBOM) in SPDX format. Recognise how the dependency graph draws on the GitHub Advisory Database and other vulnerability databases to surface known risks.
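The SPDX export described above can be read back to separate direct from transitive dependencies, which is the distinction the dependency graph makes. The following is an added Python example, not material from this page or from GitHub; the sample document is constructed to resemble the JSON returned by the dependency-graph SBOM endpoint, and its "sbom" wrapper key, SPDX IDs, package names and versions are assumptions.

```python
import json
from collections import deque

# Constructed sample shaped like a GitHub dependency-graph SBOM export (GET
# /repos/{owner}/{repo}/dependency-graph/sbom); IDs, names and versions are assumptions.
def _purl(locator):
    return [{"referenceType": "purl", "referenceLocator": locator}]

SAMPLE_EXPORT = json.dumps({"sbom": {
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example/app",
    "packages": [
        {"SPDXID": "SPDXRef-Repository", "name": "com.github.example/app"},
        {"SPDXID": "SPDXRef-npm-express", "name": "npm:express",
         "versionInfo": "4.18.2", "externalRefs": _purl("pkg:npm/express@4.18.2")},
        {"SPDXID": "SPDXRef-npm-qs", "name": "npm:qs",
         "versionInfo": "6.11.0", "externalRefs": _purl("pkg:npm/qs@6.11.0")},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-Repository"},
        {"spdxElementId": "SPDXRef-Repository", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-npm-express"},
        {"spdxElementId": "SPDXRef-npm-express", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-npm-qs"},
    ],
}})

def classify_dependencies(export_json):
    """Map each package's purl (or name) to its depth: 1 = direct, 2+ = transitive."""
    doc = json.loads(export_json)
    sbom = doc.get("sbom", doc)  # also accept a bare SPDX document
    packages = {p["SPDXID"]: p for p in sbom.get("packages", [])}
    edges, roots = {}, []  # DEPENDS_ON adjacency; DESCRIBES marks the root
    for rel in sbom.get("relationships", []):
        if rel["relationshipType"] == "DEPENDS_ON":
            edges.setdefault(rel["spdxElementId"], []).append(rel["relatedSpdxElement"])
        elif rel["relationshipType"] == "DESCRIBES":
            roots.append(rel["relatedSpdxElement"])
    depth, queue = {}, deque((r, 0) for r in roots)
    while queue:  # breadth-first, so the first visit records the shortest path
        node, d = queue.popleft()
        for child in edges.get(node, []):
            if child not in depth:
                depth[child] = d + 1
                queue.append((child, d + 1))
    def label(spdx_id):
        pkg = packages.get(spdx_id, {"name": spdx_id})
        return next((r["referenceLocator"] for r in pkg.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), pkg["name"])
    return {label(i): d for i, d in depth.items()}
```

Packages at depth 2 or more are the transitive dependencies that only the graph, not the manifest, would show you.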

dependency graph, SBOM, SPDX, vulnerability databases, GitHub Advisory Database


Examworthy is not affiliated with or endorsed by GitHub. Original, blueprint-aligned practice material only.