PRODUCT / FINDINGS AGGREGATION
Findings live at the SBOM level.
Decisions happen at the product level.
ReARM connects them, automatically.
ONE STRUCTURE, SIX LEVELS
SBOM/xBOM Release Branch Component Feature Set Product
FINDINGS ROLL UP → EVIDENCE ROLLS UP → POSTURE EMERGES →
01 / AUTOMATIC ASSEMBLY
One structure, six levels, zero stitching
Component releases bundle into product releases as they are produced. No manual assembly, no stale spreadsheets. The hierarchy above is not a diagram of your process; it is the live data model.
PLACEHOLDER — SCREENSHOT 4: hierarchy / product release composition view
02 / DRILL-DOWN
Product-level count to exact SBOM entry in three clicks
Start from a product-level vulnerability count. Click to the offending component, then to the exact SBOM entry that carries the finding. Every number on the dashboard is traversable to its source.
PLACEHOLDER — SCREENSHOT: drill-down from product finding to SBOM entry
03 / POINT-IN-TIME VS NOW
What did we know at ship time vs what do we know now
New CVEs and KEV entries are evaluated against shipped versions, not just the latest build. Posture at ship time is preserved as evidence; current posture is computed continuously.
PLACEHOLDER — SCREENSHOT: shipped-version posture vs current posture