VeriBOM User Guide

Connection Management

In VeriBOM, a connection links a publisher organization to an auditor organization; a connection can also be established between two publisher organizations. In short, a connection is a request: for instance, one organization submits a request to another organization to view, or to provide, an SBOM. The state of a connection is held in a property of the connection called Connection Status.

In the context of VeriBOM, connection management plays a crucial role in establishing and maintaining relationships with other organizations, whether as a publisher organization or an auditor organization. This section provides an in-depth guide on how to add connections, whether you're acting as a publisher organization or an auditor organization, and how to effectively manage these connections.

Here's a brief explanation of the publisher and auditor organization types:

  1. Publisher Organization:

    • Role: Publisher organizations are responsible for publishing SBOMs. They are the generators and providers of SBOMs.

    • Responsibilities: Publisher organizations typically produce software products, manage their versions, and share information about these products, including their SBOMs (Software Bill of Materials), with other organizations in the supply chain.

    • Actions: Publisher organizations can send connection requests to auditor organizations, allowing them to share SBOMs.

  2. Auditor Organization:

    • Role: Auditor organizations take on the role of reviewing and auditing software components provided by publisher organizations. They are consumers and evaluators of SBOMs.

    • Responsibilities: Auditor organizations assess the quality, security, and compliance of the software components. They ensure that the published SBOMs are accurate and complete.

    • Actions: Auditor organizations can review SBOMs, request connections to access SBOM data, and evaluate software components for vulnerabilities, licensing issues, and other compliance matters.

The relationship between publisher and auditor organizations is a fundamental part of VeriBOM. Publisher organizations generate SBOMs and share them with auditor organizations, who assess and verify the information. This collaboration helps ensure transparency, security, and reliability in the software ecosystem.

Last updated 1 year ago