Lineaje Learning Center

Lineaje AI


Last updated 1 year ago

Lineaje is powered by AI in and BOMbot.

BOMbot

BOMbot is a chatbot that can help answer questions about your projects.

With Lineaje BOMbot, you can chat, view the data for your question, and ask for recommendations.

Chat

BOMbot can answer questions about your projects, such as:

  • What are the critical vulnerabilities in the project?

  • How many critical vulnerabilities are present in the project that have available fixes?

  • Summarize the high severity vulnerabilities that have patches available in my SBOM

  • Show the exploitable vulnerabilities in the project

  • Which exploitable vulnerabilities in the project's dependencies have fixes available?

  • Show me vulnerable components that are older than 36 months

  • Show me critical vulnerabilities that have code issues

View Details

Along with the answer to your question, BOMbot provides all the relevant data associated with that answer under the "View Details" link. Clicking the link opens a table view of that data.

Recommendation

You can ask BOMbot for recommendations on fixing issues. An example recommendation is shown below.

Query : "Show me the recommendation for fixing vulnerabilities"

"Recommendation

There are a total of 88 components, with 17 direct dependencies and 71 transitive dependencies. The direct dependencies consist of 17 OSS components, while the transitive dependencies consist of 71 OSS components.

The total vulnerability count is 70, with 38 direct vulnerabilities and 32 transitive vulnerabilities. The 38 direct vulnerabilities consist of 38 OSS vulnerabilities.

Of the direct dependency vulnerabilities, 3 components have vulnerabilities with fixes available, while 14 components have vulnerabilities without fixes available. There are 4 direct dependency vulnerabilities that have fixes available.

Here are some of the least effort changes that can be applied

  • pkg:maven/org.apache.rocketmq/rocketmq-broker@5.0.0 to pkg:maven/org.apache.rocketmq/rocketmq-broker@5.1.1

  • pkg:maven/org.apache.rocketmq/rocketmq-controller@5.0.0 to pkg:maven/org.apache.rocketmq/rocketmq-controller@5.1.1

  • pkg:maven/org.apache.rocketmq/rocketmq-namesrv@5.0.0 to pkg:maven/org.apache.rocketmq/rocketmq-namesrv@5.1.2

Since there are no vulnerabilities impacted by the least effort changes, the IRL score of 7.13 does not change for this scenario.

Here are some of the optimal effort changes that can be applied

  • pkg:maven/org.apache.rocketmq/rocketmq-broker@5.0.0 to pkg:maven/org.apache.rocketmq/rocketmq-broker@5.1.1

  • pkg:maven/org.apache.rocketmq/rocketmq-controller@5.0.0 to pkg:maven/org.apache.rocketmq/rocketmq-controller@5.1.1

  • pkg:maven/org.apache.rocketmq/rocketmq-namesrv@5.0.0 to pkg:maven/org.apache.rocketmq/rocketmq-namesrv@5.1.2

Applying the optimal effort changes reduces the total vulnerability count from 70 to 21, and the IRL score improves from 7.13 to 6.35."

Search