SBOM
Branch-Level SBOM
A Software Bill of Materials (SBOM) in Sttor Code is a branch-scoped inventory of what your application is built from—packages, versions, and relevant metadata—generated from the latest branch scan.
- When it’s created
  - Automatically during branch scans (the recommended baseline for SBOM generation).
  - Optionally surfaced during PR workflows for review, but the canonical SBOM is the branch-level one.
- What “branch-level” means
  - The SBOM represents the dependency state of a specific branch at a specific commit.
  - Each new scan can produce a new snapshot tied to the commit it scanned, so comparing snapshots shows what changed between commits.
- Where you use it
  - Audits and compliance evidence (what was actually shipped).
  - Supply chain security workflows (third-party risk, vulnerability management, license review).
  - Internal governance (checking the inventory against approved dependency lists).
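As an added example (not Sttor Code's own code, and not a format this page specifies), the following Python shows two of the workflows above: comparing two branch-level snapshots to see what changed between commits, and checking the latest snapshot against an approved dependency list. It assumes a CycloneDX-style JSON SBOM whose `components` entries carry `name`, `version` and `purl`; the two snapshots, the package names and the approved list are constructed for illustration.

```python
"""Diff two branch-level SBOM snapshots and flag unapproved packages.

Added example, not Sttor Code's own code. Assumes (an assumption, not stated
on the page) that the SBOM is CycloneDX-style JSON with a top-level
"components" list of {"name", "version", "purl"} entries. Both snapshots
below are constructed inline for illustration.
"""
import json

# Constructed sample: SBOM produced by the branch scan at an earlier commit.
SBOM_COMMIT_A = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "payments-api", "version": "1.4.0"}},
    "components": [
        {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        {"name": "urllib3", "version": "1.26.18", "purl": "pkg:pypi/urllib3@1.26.18"},
        {"name": "pyyaml", "version": "5.4.1", "purl": "pkg:pypi/pyyaml@5.4.1"},
    ],
})

# Constructed sample: SBOM produced by the latest scan of the same branch.
SBOM_COMMIT_B = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "payments-api", "version": "1.5.0"}},
    "components": [
        {"name": "requests", "version": "2.32.3", "purl": "pkg:pypi/requests@2.32.3"},
        {"name": "urllib3", "version": "2.2.2", "purl": "pkg:pypi/urllib3@2.2.2"},
        # Hypothetical package added by a developer, not on the approved list.
        {"name": "left-pad-py", "version": "0.1.0", "purl": "pkg:pypi/left-pad-py@0.1.0"},
    ],
})

# Constructed approved-dependency list, keyed by version-less purl so that
# "requests" from PyPI and "requests" from another ecosystem are distinct.
APPROVED = {"pkg:pypi/requests", "pkg:pypi/urllib3", "pkg:pypi/pyyaml"}


def package_key(component):
    """Identity of a component across versions: its purl without the version.

    Falls back to the bare name when no purl is present.
    """
    purl = component.get("purl")
    if purl:
        # "pkg:npm/@scope/pkg@1.0.0" -> "pkg:npm/@scope/pkg"
        return purl.rsplit("@", 1)[0]
    return component["name"]


def components(sbom_json):
    """Return {package_key: version} for every component in the SBOM."""
    doc = json.loads(sbom_json)
    return {package_key(c): c["version"] for c in doc.get("components", [])}


def diff_sboms(old_json, new_json):
    """What changed between two snapshots of the same branch."""
    old, new = components(old_json), components(new_json)
    return {
        "added": {k: new[k] for k in new.keys() - old.keys()},
        "removed": {k: old[k] for k in old.keys() - new.keys()},
        "changed": {k: (old[k], new[k]) for k in old.keys() & new.keys()
                    if old[k] != new[k]},
    }


def unapproved(sbom_json, approved):
    """Packages present in the snapshot but absent from the approved list."""
    return sorted(k for k in components(sbom_json) if k not in approved)


if __name__ == "__main__":
    delta = diff_sboms(SBOM_COMMIT_A, SBOM_COMMIT_B)
    for kind, entries in delta.items():
        for key, value in sorted(entries.items()):
            print(f"{kind:8} {key} {value}")
    for key in unapproved(SBOM_COMMIT_B, APPROVED):
        print(f"NOT APPROVED: {key}")
```

Keying on the version-less purl rather than the bare name matters for the governance check: an approved list of names alone cannot tell a PyPI package from a same-named npm or Maven artifact. The diff output is what you would attach to a review when a branch scan shows new or changed third-party code.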