Learn How to Use Product Security Hub
Step-by-step guides, tutorials, and reference docs for threat modeling, SBOM management, vulnerability tracking, and audit readiness. Start with quick-start guides or dive deep into specific workflows.
Quick Start Guides
Get up and running in minutes with these step-by-step tutorials.
Create Your First Product
Set up a new product in Product Security Hub, define its basic information, and prepare it for security analysis.
Build Your Architecture View
Create a visual representation of your product's components, data flows, and trust boundaries.
Add Components
Define product components to automatically generate threat models and security requirements.
Run Your First Threat Model
Apply threats from our pre-built catalog to your architecture and identify security risks.
Manage Security Requirements
Review requirements, document security controls, and trace to industry standards like NIST, ISO, and CRA.
Import Your First SBOM
Upload a CycloneDX SBOM and see your software components instantly cataloged in Product Security Hub.
Manage Residual Risks
Assess and document residual cybersecurity risks with CVSS scoring and AI-assisted justifications.
Manage Vulnerabilities
Triage, assess, and track vulnerabilities from SBOM scans with KEV checking and complete analysis workflows.
Use AI to Draft Content
Let AI help you draft CVSS justifications and document how your product meets requirements.
Workflow Guides
Deep dives into end-to-end workflows and best practices.
End-to-End: From Architecture to Compliance Evidence
Walk through the complete Product Security Hub workflow: define your architecture, model threats, map requirements, assess risks, and generate the evidence auditors need.
Managing Multiple Product Versions
Clone existing products to create new versions. Only document what changed—components, threats, and requirements carry forward automatically.
Triaging Vulnerabilities Effectively
A practical guide to reviewing scan results, assessing exploitability, documenting decisions, and tracking remediation progress.
Preparing for Audits & Submissions
Export comprehensive reports from Product Security Hub for FDA submissions, audits, and regulatory reviews—including SBOMs, threat models, and requirements traceability.
Reference Materials
Detailed documentation on Product Security Hub features and built-in content.
Threat Catalog
Hundreds of pre-built threats organized by STRIDE, traced to CWEs, pre-scored with CVSS.
Learn more →Requirements Catalog
Product-level requirements mapped to MDS2, NIST, ISO, SOC2, and FDA guidance.
Learn more →SBOM Formats
Import CycloneDX or Excel, manually create components, export for FDA compliance.
Learn more →CVSS Scoring Guide
Use CVSS v3.1/v4 for risk assessment with AI-assisted justifications.
Learn more →Tools & Additional Resources
Interactive tools and content to support your product security program.
ProdSecMaturity Assessment
Benchmark your product cybersecurity maturity and identify where to invest next.
Take the assessment →Product Security Readiness
Key elements to consider before going to market with connected or regulated products.
View checklist →SBOM Best Practices
How to generate, manage, and use SBOMs effectively for vulnerability management.
Read guide →Ready to get started?
See Product Security Hub in action and get a personalized walkthrough of these features.