See Supply Chain Security Tools for Tanzu – Store for overview information.
Supply Chain Security Tools - Store is released as an individual Tanzu Application Platform component.
To install, see Install Supply Chain Security Tools - Store. It will install the Postgres database and an API backend.
Note: The Insight CLI requires a separate installation.
For more information, see Deployment Details and Configuration.
The following steps are required to use the API or CLI:
The Insight CLI is the recommended means to query the database.
Note: The Insight CLI is in beta and is separate from the Tanzu CLI. It still works with the production version of Supply Chain Security Tools - Store.
See Add data to post CycloneDX scan reports to the Supply Chain Security Tools - Store.
See Query data to understand vulnerability, image, and dependency relationships.
The API server outputs logs when an endpoint is accessed, which can be used for auditing purposes. For information about the logs generated, see Log configuration and usage.
See Troubleshooting and Known Issues.
See Security.
See Backup suggestions.