Comprehensive Software Bills of Materials

Contrast creates a comprehensive software bill of materials to meet regulatory and procurement requirements, with support for both CycloneDX and SPDX. Contrast goes above and beyond the minimum SBOM standards set by NIST, detailing critical security, versioning, environmental, and library usage information in its bill of materials.

The Contrast Secure Code Platform

Contrast provides the fastest, easiest, and most scalable application security platform available. Our instrumentation-based approach to SBOMs has many advantages, and by leveraging our integrated solutions (Contrast Assess, Contrast SCA, and Contrast Protect), organizations can achieve the regulatory goals set by the Biden administration and be prepared to address any specific mandate.

Organizations today need to:

  • Automate SBOMs without running any scans
  • Continuously stay up-to-date
  • Deliver SBOMs that match complete apps/APIs, not fragments
  • Deliver SBOMs that include all libraries, including servers and runtime platforms, not just what's in the code repo
  • Deliver SBOMs that include services, such as backend databases, directories, queues, APIs, and more
  • Deliver SBOMs that contain detailed vulnerability information
  • Deliver SBOMs that report on exactly which components are in use, and which are never loaded or never used
  • Exclude test libraries and other non-deployed components from SBOMs

Gartner® Report: Innovation Insights for SBOMs

New research from Gartner indicates that “by 2025, 60% of organizations building or procuring critical infrastructure software will mandate and standardize SBOMs in their software engineering practice, up from less than 20% in 2022. By 2024, 90% of software composition analysis tools will be able to generate and verify SBOMs to help securely consume open-source software, up from 30% in 2022.”

With SBOM adoption set to increase drastically, the question remains: “What best practices should enterprises exhibit to effectively scale and automate the production of SBOMs for the purpose of gauging the security posture of their software supply chain?”

GitHub Marketplace

In addition to our commercial offering, Contrast’s own CTO and Co-founder Jeff Williams developed an open-source tool to automatically produce SBOMs at runtime for Java applications. You can find the tool on Contrast’s GitHub Marketplace page.

Developers get more step-by-step guidance, integrations, and best practices from the Contrast Developer page.

SBOM Resources

Gartner® Report: Innovation Insight for SBOMs

Gartner® Report details how businesses should incorporate SBOMs into the SDLC

President Biden’s Executive Order: Secure the Software Supply Chain

President Biden mandates that software security is a national security matter

How to create SBOMs for free with CodeSec by Contrast

Explore what SBOMs are and how to easily create them with Contrast Security’s free developer toolset — CodeSec.

Securing the Software Supply Chain Starts with a Software Bill of Materials

One of Contrast’s ongoing missions is to safeguard the software supply chain that powers businesses and federal agencies alike

Securing the Software Supply Chain in Modern Development Pipelines

Watch this webinar as industry experts in software security and engineering discuss how to lock down your software supply chain at scale

Contrast Security Expands Free Developer Tool by Adding Open Source Security and SBOM Creation

CodeSec is the first free developer tool to combine world-renowned security testing and SCA functionality in a developer-friendly CLI to secure code and identify vulnerable third-party libraries

“SBOMs are a critical component of having a secure software supply chain. As part of US Executive Order 14208, the US National Institute of Standards and Technology (NIST) includes a key directive for organizations to ‘Establish and maintain a software inventory or an SBOM.’ Free solutions for developers, like CodeSec - SCA, will play an important role in helping ramp up the adoption of SBOMs.”

Kate Norton
Senior Research Analyst at IDC

Create SBOMs in Seconds

CodeSec provides a super simple mechanism for automatically creating SBOMs, which in turn opens up even more opportunities for automating the SBOM creation process.