Software bill of materials reports and CVEs are relatively easy to manage in a monolithic architecture. When you move from traditional development to microservices, though, things get a bit more complicated. Applications become 'logical' collections of microservices, and each microservice has its own SBOM and CVE information. In this session, we will discuss the use of a service governance catalog to track the SBOM and CVE data at the 'logical' application level. If you are looking to evolve your CD pipeline to support a microservices implementation with supply chain data, this session is for you.