Automatic vulnerability check via software composition tool - Mendix Forum

Hi all,

The new Software Composition Tool is a great addition, but could be further improved. Currently it is necessary to manually download the SBOM file / module overview and check for vulnerabilities yourself. As all the needed information is now available via the Software Composition Tool, an automatic scheduled check for each application could be added, which notifies the technical contact for each application as soon as a vulnerability is found in the used libraries/modules. This feature would help us a lot, as the workload for manual review increases with each new application we release.
