The new scanning model, “Supply Chain Security Tools – Scan 2.0”, which was introduced back in TAP 1.5, now includes some great new improvements and has been promoted from Alpha to Beta!
The new model is much easier to extend and customize to your own organization's needs, and is built with a more scalable and secure architecture.
In the previous model of the scanning feature in TAP, image scanning definitions needed to handle 4 main topics:
- Perform the scan
- Output an SBOM in CycloneDX or SPDX format
- Push the data to the central metadata store
- Validate the scan results against your desired security policy