Step 2. Ingest and monitor SBOMs in LeanIX VSM

Map SBOM data to the VSM Service Catalog

Following the SBOM generation and pushing it to LeanIX mapping it to the wider VSM data is a brief one-time effort that sets technical data from the CycloneDX files into the further context.

At the core of this setup sits the Mapping Inbox, a central filter that allows easy filtering & matching of data from different sources, ensuring that all data in the catalog is actually of value and properly aligned:

In the inbox you want to filter to the correct source for SBOM data and check the list of unmapped services. The inbox comes with suggests fitting matches with data already in your service catalog (for example from a scan of your repository).

Check whether the suggested mapping is correct and map your SBOM data. You can do this for one or multiple services at the same time, as well as mass-import all services from your source.

In case of mistakes the mapping inbox also allows unmapping data from catalog entries.

This setup is a one-time effort you only have to go through during the initial SBOM setup. Subsequent updates, e.g. from further CICD pipeline builds, will be automatically matched to the first selected mapping.