Fits the toolchain you already run
SBOMVault connects to source control, CI/CD, alerting, ticketing, SIEM, GRC, container registries, and identity — so software-supply-chain evidence flows through the systems your engineering and security teams use every day.
Source control
Connect a repository over OAuth. SBOMVault auto-generates and scans an SBOM on every push.
GitHub
OAuth app. Auto-generate and scan SBOMs on push.
GitLab
OAuth app. Auto-generate and scan SBOMs on push.
CI/CD pipelines
A drop-in pipeline step authenticated with a scoped API key. Copy the snippet into your pipeline and it uploads the SBOM on each build — no managed OAuth connector required.
GitHub Action
Published action that builds and uploads the SBOM.
GitLab CI component
Reusable CI component for your .gitlab-ci.yml.
Jenkins
Drop-in pipeline step using a scoped API key.
Azure DevOps
Drop-in pipeline step using a scoped API key.
Bitbucket Pipelines
Drop-in pipeline step using a scoped API key.
CircleCI
Drop-in pipeline step using a scoped API key.
Notifications & on-call
Enterprise: VaultScore-filtered alerts route to the channel your team watches. Criticals page your on-call.
Slack
VaultScore-filtered alerts to a channel.
Microsoft Teams
Enterprise: VaultScore-filtered alerts to a channel.
PagerDuty
Enterprise: Criticals page your on-call rotation.
Opsgenie
Enterprise: Criticals page your on-call rotation.
Signed webhooks
Enterprise: Generic, signed payloads to any endpoint.
Ticketing & ITSM
Enterprise: Auto-create issues and incidents when a finding crosses your VaultScore threshold.
Jira
Enterprise: Auto-create issues above a VaultScore threshold.
ServiceNow
Enterprise: Auto-create incidents above a VaultScore threshold.
SIEM streaming
Enterprise: Stream audit and vulnerability events to your security data platform in real time.
Splunk (HEC)
Enterprise: Stream audit and vulnerability events via HEC.
Microsoft Sentinel
Enterprise: Stream audit and vulnerability events.
Google Chronicle
Enterprise: Stream audit and vulnerability events.
Kafka
Enterprise: Stream audit and vulnerability events to a topic.
GRC & vuln orchestration
Enterprise: Push prioritized findings into the governance and remediation platform of record over REST.
Archer
Enterprise: REST push of prioritized findings.
OneTrust
Enterprise: REST push of prioritized findings.
MetricStream
Enterprise: REST push of prioritized findings.
Brinqa
Enterprise: REST push of prioritized findings.
Vulcan Cyber
Enterprise: REST push of prioritized findings.
Nucleus Security
Enterprise: REST push of prioritized findings.
Container registries
Native image pull and scan. Public registries work out of the box; private registries connect via stored credentials, and self-hosted or internal-network registries through an admin opt-in.
Docker Hub
Native image pull and scan. Public out of the box.
GHCR
Native image pull and scan. Private via stored credentials.
Amazon ECR
Native image pull and scan. Private via stored credentials.
Google Artifact Registry / GCR
Native image pull and scan. Private via stored credentials.
Azure ACR
Native image pull and scan. Private via stored credentials.
Harbor
Native image pull and scan. Self-hosted via admin opt-in.
Quay
Native image pull and scan. Private via stored credentials.
JFrog Artifactory
Native image pull and scan. Private via stored credentials.
Sonatype Nexus
Native image pull and scan. Self-hosted via admin opt-in.
Identity & keys
Single sign-on, automated provisioning, and bring-your-own-key encryption for regulated tenants.
SSO (SAML / OIDC)
Enterprise single sign-on via WorkOS.
SCIM provisioning
Automated user and group provisioning.
AWS KMS / CloudHSM
Bring-your-own-key encryption with HSM backing.
Azure Key Vault
Coming soon: BYOK encryption.
GCP Cloud KMS
Coming soon: BYOK encryption.
CyberArk
Coming soon: Secrets and key brokering.
GitHub, GitLab, and Slack are available on Growth and above. Microsoft Teams, PagerDuty, Opsgenie, SIEM streaming, GRC push, Jira, ServiceNow, and private container registries are Enterprise capabilities. Items marked “coming soon” are on the roadmap and not yet available.
See it wired into your stack
Bring the connectors your teams already depend on. We will map them to your environment on a short call — or start free and connect a repository today.