Vulnerability Notifications
Manifest allows you to receive notifications for new vulnerabilities, whether they originate from new assets or existing SBOMs. Filtering notifications helps you avoid alert fatigue and focus on what matters most. This page covers two main types of notifications:
- Continuous Vulnerability Monitoring
- New SBOM Vulnerability Alerts
Continuous Vulnerability Monitoring
New vulnerabilities are frequently discovered in existing software libraries. Continuous Monitoring notifications alert you to new vulnerabilities in the libraries in your existing SBOMs.
Follow these steps to enable them:
- Navigate in the Manifest platform to Settings -> Vulnerability Alerts

- Select the Risk Criteria to filter notifications so you receive alerts for what matters to you

- Choose where you would like to receive notifications
Vulnerability Alerts for Newly Uploaded SBOMs
You can be notified whenever an SBOM is submitted to Manifest, whether from your organization or from a third party. Uploads from third parties come through the "AskBOM" functionality. Uploads from your own organization can come from manual drag-and-drop uploads, CI/CD integrations, open source repository imports, and general CLI usage.
The steps to set up these notifications are as follows:
- Navigate in the Manifest platform to Settings -> SBOM Upload Alerts (this might be a beta feature that Manifest can enable for you)

- Click "Create Alert"

- Name your Alert

- Choose which sources and labels you want to monitor
- Select the Risk Criteria to filter notifications so you receive alerts for what matters to you
- Choose where you would like to be notified
