Findings live at the SBOM level.
Decisions happen at the product level.
ReARM connects them, automatically.
One structure, six levels, zero stitching
Component releases bundle into product releases as they are produced. No manual assembly, no stale spreadsheets. The hierarchy above is not a diagram of your process; it is the live data model. Multi-level nesting is supported: products can contain products, and evidence propagates through every level.

Product-level count to exact artifact in three clicks
Start from a product-level vulnerability count. Click to the offending component, then to the exact SBOM entry that carries the finding. Every number on the dashboard is traversable to its source. Findings of every type are covered: vulnerabilities, weaknesses, policy and license violations, aggregated from Dependency-Track and your other tools, with triage and audit at organization, product, component or release scope.

What did we know at ship time vs what do we know now
New CVEs and KEV entries are evaluated against shipped versions, not just the latest build. Posture at ship time is preserved as evidence; current posture is computed continuously.
