PRODUCT / FINDINGS AGGREGATION

Findings live at the SBOM level.
Decisions happen at the product level.

ReARM connects them, automatically.

ONE STRUCTURE, SIX LEVELS
SBOM/xBOM Release Branch Component Feature Set Product
FINDINGS ROLL UP → EVIDENCE ROLLS UP → POSTURE EMERGES →
01 / AUTOMATIC ASSEMBLY

One structure, six levels, zero stitching

Component releases bundle into product releases as they are produced. No manual assembly, no stale spreadsheets. The hierarchy above is not a diagram of your process; it is the live data model.

PLACEHOLDER — SCREENSHOT 4: hierarchy / product release composition view

02 / DRILL-DOWN

Product-level count to exact SBOM entry in three clicks

Start from a product-level vulnerability count. Click to the offending component, then to the exact SBOM entry that carries the finding. Every number on the dashboard is traversable to its source.

PLACEHOLDER — SCREENSHOT: drill-down from product finding to SBOM entry

03 / POINT-IN-TIME VS NOW

What did we know at ship time vs what do we know now

New CVEs and KEV entries are evaluated against shipped versions, not just the latest build. Posture at ship time is preserved as evidence; current posture is computed continuously.

PLACEHOLDER — SCREENSHOT: shipped-version posture vs current posture

From SBOM entry to ship decision, connected.