Create an application vulnerable item rule in the Software Bill of Materials Workspace

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 3 minutes

    In the AVI Creation Rules module of the Software Bill of Materials (SBOM) Workspace, set up the conditions under which application vulnerable items (AVITs) are created automatically.

    Before you begin

    The SBOM Response application is required if you want to create application vulnerable items. See Exploring Software Bill of Materials for more information.

    Role required: sn_sbom_resp.manage_avi_rule.

    Procedure

    1. Navigate to SBOM Workspace > AVI Creation Rules.
    2. Select New.
    3. Fill out the fields.
      Field: Description
      Name: Name of the rule.
      Active: Indicates whether the creation rule is activated.
      Execution order: Order in which the rules are evaluated. The rule with the lowest numerical value runs first.

        For example, you might create higher priority rules for items that need special handling, or where risk is critical, so they are run first. Next, create general rules for items that require no special handling. Finally, create a default rule to catch any components that have vulnerabilities.

      Description: Description of the rule to help you distinguish it from other rules.
      Conditions: Create the conditions under which application vulnerable items (AVIs) are created.

        For example, you might select [Vulnerability > Severity][is][1-Critical] to create AVITs for components that have vulnerabilities that are high-risk and might severely impact you.

        Note that you can add more conditions.

    4. Select Save.
      Your creation rule runs automatically after the next upload and creates AVIs for components that match your conditions. You can also run the rule on-demand from the AVI Creation Rules module by selecting Execute Now.

    Result

    After AVITs are created, you can verify that one was created specifically for SBOM data by checking the values in the Source and Scan type fields on an AVI record.

    Field: Value
    Source: SBOM
    Scan type: SBOM-SCA
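
The layering described for the Execution order field in step 3, as an added offline model (not ServiceNow code and not part of the original page). It assumes the first matching rule claims a finding, which the page does not state; the rule names, order numbers, and every severity value other than 1-Critical are constructed.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    order: int                          # "Execution order": lowest value runs first
    condition: Callable[[dict], bool]   # stands in for the "Conditions" builder
    active: bool = True

def first_match(rules: list, finding: dict) -> Optional[str]:
    """Name of the first active rule, in ascending execution order, that matches.

    ASSUMPTION (not stated on the page): the first matching rule claims the finding.
    """
    for rule in sorted(rules, key=lambda r: r.order):
        if rule.active and rule.condition(finding):
            return rule.name
    return None

def shadowed(rules: list, findings: list) -> list:
    """Active rules that match some finding but never win one, in execution order."""
    winners = {first_match(rules, f) for f in findings}
    return [r.name for r in sorted(rules, key=lambda r: r.order)
            if r.active and r.name not in winners
            and any(r.condition(f) for f in findings)]

# Constructed sample findings; only "1-Critical" appears on the page.
FINDINGS = [
    {"component": "lib-a", "severity": "1-Critical"},
    {"component": "lib-b", "severity": "2-High"},
    {"component": "lib-c", "severity": "3-Medium"},
]

# The three tiers from the Execution order description (hypothetical names and numbers).
LAYERED = [
    Rule("critical-special-handling", 100, lambda f: f["severity"] == "1-Critical"),
    Rule("general-high", 200, lambda f: f["severity"] == "2-High"),
    Rule("default-catch-all", 900, lambda f: True),
]
# Same rules, but the catch-all was given the lowest number by mistake.
MISORDERED = [replace(r, order=50) if r.name == "default-catch-all" else r
              for r in LAYERED]

if __name__ == "__main__":
    for label, rules in (("layered", LAYERED), ("misordered", MISORDERED)):
        print(label, [first_match(rules, f) for f in FINDINGS],
              "shadowed:", shadowed(rules, FINDINGS))
```

Under that assumption, a catch-all rule with the lowest execution order claims every finding, so the special-handling rules never apply; running a check like `shadowed` against an exported copy of your rule set before activating it surfaces that mistake.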