
Features Coming Up: SCA Artifact Upload, KnoxCtl, SPDX Support, and Public Asset Tagging
AccuKnox just shipped five capabilities that change how teams scan software, generate SBOMs, and surface public exposure risk. Here is what shipped, why it matters, and how to use it.
TL;DR
- AccuKnox now supports SCA artifact upload so teams in air-gapped or restricted environments can scan software without connecting their CI/CD pipeline to AccuKnox.
- Azure DevOps repositories are now at full parity with GitHub, GitLab, and Bitbucket, including regex branch filtering to keep findings focused on production-bound code.
- SBOM generation now covers every environment: SPDX import from GitHub and GitLab, KnoxCtl CLI for local and pipeline scans, and Omni for VMs and bare-metal hosts including Windows.
- Public asset tagging auto-flags externally reachable cloud resources during every scan so misconfigured assets are visible in the inventory, not buried in a weekly report.
- Parent-child GitHub issues give each affected resource its own trackable sub-issue and auto-close the parent once all fixes are confirmed.
Scan What You’ve Built, Not Just Where It Lives
Most SCA integrations assume your CI/CD pipeline is reachable. Air-gapped environments, strict network segmentation, regulated industries, and legacy build systems all break that assumption. AccuKnox now removes the dependency entirely with SCA artifact upload.
Upload your artifact directly to the AccuKnox collector after building it locally or inside any pipeline. No credentials are shared. No outbound tunnel is required. No CI/CD integration has to be in place before your first scan result.
[Image: Upload your own artifacts to scan]
[Image: Drag, drop, and scan artifacts in seconds]
[Image: Stay within upload limits with real-time validation]
If your batch exceeds 2 GB, the upload modal surfaces a file limit warning inline so you know exactly which files to remove before submitting. The scan schedule supports both recurring automated runs and on-demand execution, which is useful for point-in-time checks before a release without reconfiguring the collector.
[Image: Seamless artifact collection and scanning workflow]
[Image: Submit scans and get notified]
[Image: Quick access to scanning and configuration options]
Coming next: S3 and blob storage URL support so teams can reference artifacts at rest without re-uploading, and on-demand scan triggers directly from the platform UI.
Azure Repos Are Now First-Class Citizens
AccuKnox SCA has supported GitHub, GitLab, and Bitbucket for some time. Azure DevOps repositories now have full parity with all three.
Connect your Azure repositories with a personal access token, configure branch filtering with regex include and exclude patterns, and run SCA scans on the same schedule and notification model used across every other integration. Test connection runs inline during setup, so you catch credential or permission issues before saving.
[Image: Seamless integration with Azure DevOps for unified SCA workflows]
[Image: Export SBOMs for transparency and compliance]
Branch filtering keeps findings focused on production-bound code. A typical configuration includes main and release/.* while excluding features/.* and test/.*. For monorepos or repositories with hundreds of branches, this prevents the finding volume from becoming noise that developers learn to ignore.
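The include/exclude configuration above, worked through as an added example (not AccuKnox's own code). It assumes the usual semantics for such filters: a branch is scanned when it fully matches at least one include pattern and no exclude pattern, and it shows why anchoring the regex matters.

```python
import re

# Page's example configuration: scan main and release branches, skip feature and test branches.
INCLUDE = ["main", r"release/.*"]
EXCLUDE = [r"features/.*", r"test/.*"]

# Constructed branch list for a monorepo (sample data only).
BRANCHES = ["main", "maintenance/ci-cleanup", "release/2026.1", "release/2026.1-hotfix",
            "prerelease/2026.2", "features/sso-login", "test/load-harness",
            "dependabot/npm/lodash-4.17.21"]


def _matches_any(patterns, branch, anchored=True):
    # re.fullmatch anchors the whole name; re.search would treat "main" as a substring
    # and also hit "maintenance/ci-cleanup" and "prerelease/2026.2".
    match = re.fullmatch if anchored else re.search
    return any(match(p, branch) for p in patterns)


def filter_branches(branches, include=INCLUDE, exclude=EXCLUDE, anchored=True):
    """Branches that would be sent to SCA, in input order.
    Assumed precedence: an exclude pattern always wins over an include pattern."""
    return [b for b in branches
            if _matches_any(include, b, anchored) and not _matches_any(exclude, b, anchored)]


if __name__ == "__main__":
    print("anchored:  ", filter_branches(BRANCHES))
    print("unanchored:", filter_branches(BRANCHES, anchored=False))
```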
SBOM Everywhere: SPDX, KnoxCtl, and Omni
Generating a software bill of materials is no longer optional. NTIA guidance, the U.S. Executive Order on Cybersecurity, and enterprise procurement requirements now treat SBOM data as a baseline expectation. AccuKnox covers three distinct scenarios that together address the full range of environments teams operate in.
SPDX import:
- SPDX is the Linux Foundation’s open standard for software bills of materials. GitHub natively exports SPDX JSON from the dependency graph. AccuKnox now accepts SPDX file uploads directly.
- Export the SPDX JSON from your GitHub repository under Insights > Dependency Graph > Export SBOM, then upload it into AccuKnox via the SBOM upload modal. Assign a label to keep SBOMs organized by service or release. AccuKnox parses the file and surfaces a Components View with version and license data, and a License View that groups dependencies by license expression. Spotting a GPL-licensed component inside a proprietary service before it ships is exactly the kind of catch this view is built for.
- GitLab users follow the same process. SPDX export is available through the GitLab dependency list API alongside CycloneDX. Both formats are accepted.
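What the Components View and License View extract from an uploaded SPDX file, as an added example written for this post (not AccuKnox's parser). The SPDX document is constructed to mirror the shape of a GitHub dependency-graph export; the GPL-family check is a simple token test and flags OR-expressions for human review rather than deciding them.

```python
import json
import re
from collections import defaultdict

# Constructed SPDX 2.3 JSON shaped like a GitHub "Export SBOM" file (sample data only).
SPDX_JSON = """{
  "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example/payments-service",
  "packages": [
    {"SPDXID": "SPDXRef-repo", "name": "example/payments-service", "versionInfo": "", "licenseConcluded": "NOASSERTION"},
    {"SPDXID": "SPDXRef-1", "name": "npm:express", "versionInfo": "4.18.2", "licenseConcluded": "MIT"},
    {"SPDXID": "SPDXRef-2", "name": "npm:lodash", "versionInfo": "4.17.21", "licenseConcluded": "NOASSERTION", "licenseDeclared": "MIT"},
    {"SPDXID": "SPDXRef-3", "name": "pip:mysql-connector-python", "versionInfo": "8.0.33", "licenseConcluded": "GPL-2.0-only"},
    {"SPDXID": "SPDXRef-4", "name": "npm:dual-licensed-lib", "versionInfo": "1.0.0", "licenseConcluded": "(MIT OR GPL-3.0-or-later)"}
  ],
  "relationships": [
    {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-repo"}
  ]
}"""

COPYLEFT_PREFIXES = ("GPL-", "AGPL-", "LGPL-")


def load_components(spdx_text):
    """Components View: (name, version, license) per third-party package.
    The package the document DESCRIBES is the repository itself and is skipped."""
    doc = json.loads(spdx_text)
    described = {r["relatedSpdxElement"] for r in doc.get("relationships", [])
                 if r.get("relationshipType") == "DESCRIBES"}
    rows = []
    for pkg in doc.get("packages", []):
        if pkg["SPDXID"] in described:
            continue
        lic = pkg.get("licenseConcluded", "NOASSERTION")  # prefer the concluded license,
        if lic == "NOASSERTION":                           # fall back to the declared one
            lic = pkg.get("licenseDeclared", "NOASSERTION")
        rows.append((pkg["name"], pkg.get("versionInfo", ""), lic))
    return rows


def license_view(rows):
    """License View: component names grouped by license expression."""
    groups = defaultdict(list)
    for name, _version, lic in rows:
        groups[lic].append(name)
    return dict(groups)


def copyleft_components(rows):
    """Components whose license expression contains a GPL-family identifier; an OR
    expression with a permissive alternative is still flagged so a human decides."""
    return [name for name, _v, lic in rows
            if any(t.startswith(COPYLEFT_PREFIXES) for t in re.split(r"[()\s]+", lic))]
```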
[Image: Import existing SBOMs using standard SPDX format]
[Image: Detailed breakdown of all software components]
[Image: Track licenses to stay compliant and audit-ready]
KnoxCtl:
- KnoxCtl is AccuKnox’s unified CLI, now available as a cross-platform binary including a native Windows executable. Run it from PowerShell or your terminal without additional dependencies.
- Key commands: knoxctl scan for CI/CD pipeline scanning, knoxctl sbom to generate SBOMs from packages and containers, knoxctl image-scan for container image vulnerability analysis, and knoxctl onboard to connect a cluster to the AccuKnox platform. For local developers, this means you get vulnerability findings and SBOM output before you commit, without pushing code to a pipeline.
[Image: Unified CLI to simplify security workflows for developers]
Universal VM-Scan:
- Omni auto-generates SBOMs from virtual machines and bare-metal hosts, including Windows targets, from the same interface used for cloud-native workloads. Each registered host appears in the platform with vulnerability counts, license count, and component count. For organizations running hybrid infrastructure, Omni closes the coverage gap that previously left conventional VM fleets outside any SBOM program.
[Image: Automatically generate SBOMs across VMs and containers, even on Windows]
Know What’s Public Before Anyone Else Does
Public exposure status is rarely invisible in theory. It is invisible in practice because it is not surfaced next to the asset where engineers and reviewers make decisions. AccuKnox now auto-tags assets as publicly accessible during every scan.
The tag appears in the Assets inventory view and on every associated finding. Filter by public and you get a real-time list of every externally reachable resource in your cloud environment. Drill into any asset to see category, region, finding count, asset type, and raw resource metadata, all in one panel.
A misconfigured S3 bucket open to public access appears in your Assets list with the public tag alongside its finding count. You do not need to correlate a CSPM finding report with a separate infrastructure inventory export. Given that misconfigured cloud storage is consistently cited in public breach incident data as a leading exposure vector, having this signal at the asset level rather than buried in a weekly report is a meaningful operational improvement.
Set the public filter as a saved query in AccuKnox and check it at the start of each sprint or review cycle to catch any newly exposed assets since the last review. One click instead of a manual audit.
[Image: Centralized visibility into all discovered assets]
[Image: Instantly identify publicly exposed assets and reduce risk]
Smarter Ticket Hygiene with Parent-Child Issues
When a finding affects multiple resources, a single GitHub issue tracking all of them gets closed the moment any one fix lands. The remaining resources go untracked. AccuKnox now creates parent-child issue hierarchies in GitHub so each affected resource gets its own sub-issue named for that specific resource.
When all sub-issues close, the parent closes automatically. No manual verification of whether a multi-resource finding is fully remediated. For security teams managing high-volume finding queues, the difference between a partially closed issue and a confirmed fully remediated finding matters for audit and compliance evidence.
Conclusion
These five capabilities follow a consistent direction: AccuKnox is filling coverage gaps that leave security teams working with incomplete data. Artifact upload removes the CI/CD dependency. SPDX, KnoxCtl, and Omni make SBOM generation available across every environment. Public asset tagging makes exposure visible where it matters. Parent-child issues make remediation trackable without manual cross-referencing.
Frequently Asked Questions
What file types does SCA artifact upload support, and is there a size limit?
Supported file types are .jar, .war, .zip, .tar, .gz, .tgz, .go, .py, and .gem. The per-file limit is 1 GB and the total batch limit is 2 GB. No CI/CD connection is required.
How do I import an SPDX SBOM from GitHub or GitLab into AccuKnox?
Go to Insights > Dependency Graph > Export SBOM in GitHub. Upload the SPDX JSON into AccuKnox, assign a label, and the component and license data appear instantly.
What does KnoxCtl do that the AccuKnox platform UI does not?
KnoxCtl runs scans, generates SBOMs, and onboards clusters directly from your terminal or CI/CD pipeline, with no browser session needed.
How does public asset tagging help reduce cloud exposure risk?
AccuKnox auto-tags publicly reachable assets on every scan. Filter by the public tag in Assets to instantly see every exposed resource without manual correlation.
How do parent-child GitHub issues work for security findings that affect multiple resources?
AccuKnox creates one parent issue and one sub-issue per affected resource. The parent closes automatically once all sub-issues are resolved.