What’s an SBOM?
Software Bills of Materials (SBOMs) were born out of the need to provide a better way to accurately track and understand the origin, makeup and current state of a software package.
Whereas a Bill of Materials (BOM) is a structured list of the components needed to build a software package, identified by their quantity and source, an SBOM is a standardized way to identify the software components used by an application that needs to be tested, along with their supply-chain relationships. It lists all the open-source libraries used, other third-party proprietary libraries and some metadata about the custom code in the product.
SBOMs have recently gained popularity due to the increased need to understand what kind of libraries are being utilized as part of the development of applications. One such example came from a recent Executive Order by the Biden administration instructing various government agencies to take action to improve our nation’s cybersecurity. One of these actions was to provide guidance and standards on SBOMs, given that they’re a great tool to search for, and resolve, vulnerabilities hidden within the various parts of the products used.
How can Contrast Security help?
Don’t believe us? Test it out yourself!
Contrast built its SCA functionality to equip developers with fast and accurate security for real-world applications. That’s why Contrast has made this SBOM capability available not only within our enterprise version of Contrast SCA, but also within Contrast’s new free-to-use developer security motion, CodeSec, as well. Powered by the same SCA scanning engine as the enterprise version of Contrast SCA, CodeSec allows developers to rely on the same level of performance and accuracy as our enterprise customers — for free!
Create SBOM in seconds for free with CodeSec!
- Click here for our video tutorial