The AppSec Kit automatically generates the SBOM (currently based on the Maven dependency tree). However, in some cases it would be beneficial to allow AppSec Kit users to manually add a dependency to the SBOM, so that the vulnerability databases are also scanned for this dependency.
One use case for this feature would be a Vaadin 7 or 8 app with a custom add-on based on a JS library. Currently, such a library is not detected by the SBOM generator we are using. With this enhancement, the developer can manually add the JS library to the SBOM, and the AppSec Kit will alert them if a vulnerability is found for this library.
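The mechanics behind this request, as an added example that is not AppSec Kit code: a generated SBOM is merged with a developer-maintained list of extra dependencies, deduplicated by package identifier, and the merged component list is matched against a vulnerability feed. Everything here is an assumption for illustration: the SBOM is CycloneDX-style JSON with a `components` list, each component carries a Package URL (`purl`), the feed is a list of records keyed by base purl with an `affected_below` version bound, and all package names, versions and advisory IDs are constructed placeholders. The point it makes is that a manually added entry is only useful to the scanner if it carries a machine-resolvable identifier; a bare name cannot be looked up.

```python
"""Added example (not AppSec Kit code): merge manually declared dependencies
into a generated SBOM and match the result against a vulnerability feed.

Assumptions (not stated on the page): CycloneDX-style JSON with a "components"
list, one Package URL ("purl") per component, and a feed of records keyed by
base purl with an "affected_below" version. All data is constructed.
"""
import json

# Constructed: what an automatic Maven-based generator might emit.
GENERATED_SBOM = json.loads("""{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "vaadin-server", "version": "8.14.0",
     "purl": "pkg:maven/com.vaadin/vaadin-server@8.14.0"}
  ]
}""")

# Constructed: developer-maintained list of dependencies the generator misses,
# e.g. a JS library bundled inside a custom add-on.
MANUAL_DEPENDENCIES = [
    {"type": "library", "name": "example-chart-lib", "version": "1.2.3",
     "purl": "pkg:npm/example-chart-lib@1.2.3"},
    # Same as a generated entry: must not end up in the SBOM twice.
    {"type": "library", "name": "vaadin-server", "version": "8.14.0",
     "purl": "pkg:maven/com.vaadin/vaadin-server@8.14.0"},
]

# Constructed vulnerability feed (placeholder IDs, not real advisories).
VULN_FEED = [
    {"id": "EXAMPLE-0001", "purl": "pkg:npm/example-chart-lib",
     "affected_below": "1.3.0"},
    {"id": "EXAMPLE-0002", "purl": "pkg:maven/com.vaadin/vaadin-server",
     "affected_below": "8.14.0"},
]


def base_purl(purl):
    """Strip the @version and any ?qualifiers so purls compare by package."""
    return purl.split("@", 1)[0].split("?", 1)[0]


def version_tuple(version):
    """Dotted numeric versions only; real scanners need ecosystem-aware parsing."""
    return tuple(int(part) for part in version.split("."))


def merge_manual(sbom, manual):
    """Return a new SBOM with manual components appended, deduplicated by purl.

    A manual entry without a purl is rejected: the scanner has nothing to
    look up, so silently accepting it would give a false sense of coverage.
    """
    merged = json.loads(json.dumps(sbom))  # deep copy, original untouched
    seen = {comp["purl"] for comp in merged["components"]}
    for comp in manual:
        if not comp.get("purl"):
            raise ValueError(f"manual dependency {comp.get('name')!r} needs a purl")
        if comp["purl"] in seen:
            continue
        entry = dict(comp)
        # Record provenance so an alert can say the entry was added by hand.
        entry["properties"] = [{"name": "example:source", "value": "manual"}]
        merged["components"].append(entry)
        seen.add(comp["purl"])
    return merged


def find_vulnerabilities(sbom, feed):
    """Return (name, version, advisory id) for each component the feed flags."""
    by_package = {}
    for record in feed:
        by_package.setdefault(record["purl"], []).append(record)
    findings = []
    for comp in sbom["components"]:
        for record in by_package.get(base_purl(comp["purl"]), []):
            if version_tuple(comp["version"]) < version_tuple(record["affected_below"]):
                findings.append((comp["name"], comp["version"], record["id"]))
    return findings


if __name__ == "__main__":
    merged = merge_manual(GENERATED_SBOM, MANUAL_DEPENDENCIES)
    for name, version, advisory in find_vulnerabilities(merged, VULN_FEED):
        print(f"{name}@{version}: {advisory}")
```

Run against the constructed data, the generated SBOM alone produces no findings, while the merged SBOM flags the hand-added JS library; the duplicated `vaadin-server` entry is skipped rather than listed twice.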