Building your application topology
The quality and completeness of your organization’s application definitions are essential
for IBM®
Concert ’s ability to surface
vulnerabilities, compliance issues, and other details about your operational health. You can define
your applications and environments from ingested components or generate SBOM files in the supported
formats. With this information, Concert provides a
holistic view of your application and environment topology.
Generating a Concert-defined SBOM
The IBM Concert platform supports three custom, Concert -defined SBOM schemas required to generate a holistic view of your global application topology. The ConcertDef schemas contain a subset of application component-type extensions, including a properties object with details about the change to the CI/CD pipeline.
Generating a package SBOM (CycloneDX)
The IBM Concert platform supports application data ingestion in the form of a CycloneDX SBOM file containing information about the software packages utilized in your applications.
Uploading an SBOM file
Use one of the following methods to upload an SBOM file to Concert .
Defining an application from components
One method for defining your applications is to select relevant images and repositories from your component library. The component library is populated based on existing data ingestion jobs or SBOM files that pull application component and lifecycle data from your third-party tools and services.
Defining an environment from components
One method for defining your environments is to select relevant images from a library of ingested components. The component library is populated based on existing data ingestion jobs that pull application and environment data from your third-party tools and services.