
Comprehensive SBOMs (Software Bills of Materials)


Contrast creates a comprehensive software bill of materials to meet regulatory and procurement requirements, with support for both CycloneDX and SPDX. Contrast goes beyond the minimum SBOM elements defined by NIST, detailing critical security, versioning, environmental, and library-usage information in its bill of materials.

The Contrast Secure Code Platform Approach to SBOMs

Contrast provides the fastest, easiest, and most scalable application security platform available. Our instrumentation-based approach to SBOMs has many advantages, and by leveraging our integrated solutions (Contrast Assess, Contrast SCA, and Contrast Protect), organizations can achieve the regulatory goals set by the Biden administration and be prepared to address any specific mandate.




Organizations today need to:

  • Automate SBOMs without running any scans
  • Continuously stay
  • Deliver SBOMs that match complete apps/APIs, not fragments
  • Deliver SBOMs that include all libraries, including servers and runtime platforms, not just what is in the code repo
  • Deliver SBOMs that include services, such as backend databases, directories, queues, APIs, and more
  • Deliver SBOMs that contain detailed vulnerability information
  • Deliver SBOMs that report exactly which components are in use, and which are never loaded or never used
  • Exclude test libraries and other non-deployed components from SBOMs
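The checklist above maps directly onto fields in a CycloneDX JSON document: `metadata.component` names the complete application, `components[].type` distinguishes libraries from platforms, `services[]` carries backend dependencies, `components[].scope` records whether a component is `required` or `excluded` (never loaded), and `vulnerabilities[].affects[].ref` links findings to components. The following script is an added example, not code from Contrast or the CodeSec tool: it audits a constructed CycloneDX 1.4 SBOM against each point on the list. The test-library name patterns are an assumption used for illustration, not part of the CycloneDX standard; only CycloneDX is handled, and an SPDX document would need its `relationships` parsed instead.

```python
"""Audit a CycloneDX JSON SBOM against an SBOM-completeness checklist.

Added example, not Contrast's or CodeSec's code. The sample SBOM is
constructed for this example; field names follow the CycloneDX 1.4 JSON
schema (metadata.component, components[].scope, services[], vulnerabilities[]).
"""
import json
import re

# Assumed heuristic for spotting test-only libraries by name (not a CycloneDX concept).
TEST_LIB_PATTERNS = ("junit", "mockito", "hamcrest", "assertj", "testng")

# Constructed sample SBOM: one app, a runtime platform, a never-loaded library,
# a test library, one service, and two vulnerability records (placeholder ids).
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"type": "application", "name": "orders-api", "version": "2.3.1"}},
    "components": [
        {"bom-ref": "lib-jackson", "type": "library", "name": "jackson-databind", "version": "2.13.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2", "scope": "required"},
        {"bom-ref": "lib-clog", "type": "library", "name": "commons-logging", "version": "1.2",
         "purl": "pkg:maven/commons-logging/commons-logging@1.2", "scope": "excluded"},   # shipped, never loaded
        {"bom-ref": "lib-junit", "type": "library", "name": "junit", "version": "4.13.2",
         "purl": "pkg:maven/junit/junit@4.13.2", "scope": "required"},                 # test-only, should not ship
        {"bom-ref": "plat-tomcat", "type": "platform", "name": "tomcat", "version": "9.0.62"},  # no purl, no scope
        {"bom-ref": "lib-guava", "type": "library", "name": "guava", "version": "31.1-jre",
         "purl": "pkg:maven/com.google.guava/guava@31.1-jre"},                          # usage unknown
    ],
    "services": [{"bom-ref": "svc-db", "name": "orders-db", "endpoints": ["jdbc:postgresql://db:5432/orders"]}],
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-0001", "affects": [{"ref": "lib-jackson"}], "ratings": [{"severity": "high"}]},
        {"id": "EXAMPLE-VULN-0002", "affects": []},   # not linked to any component: useless to a consumer
    ],
})


def load_sbom(text: str) -> dict:
    """Parse a CycloneDX JSON document; reject other formats explicitly."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("only CycloneDX JSON is handled here; SPDX needs its relationships parsed instead")
    return sbom


def _is_test_lib(component: dict) -> bool:
    name = component.get("name", "")
    return any(re.search(p, name, re.IGNORECASE) for p in TEST_LIB_PATTERNS)


def audit_sbom(sbom: dict) -> dict:
    """Return one finding per checklist item; lists are empty when nothing is wrong."""
    comps = sbom.get("components", [])
    refs = {c["bom-ref"] for c in comps if c.get("bom-ref")}
    root = (sbom.get("metadata") or {}).get("component") or {}
    vulns = sbom.get("vulnerabilities", [])
    return {
        "root_component": root.get("name"),                        # complete app named, not a fragment
        "has_platform_components": any(c.get("type") in ("platform", "operating-system", "container") for c in comps),
        "has_services": bool(sbom.get("services")),                # databases, queues, APIs described
        "missing_purl": sorted(c["name"] for c in comps if not c.get("purl")),       # not uniquely identified
        "missing_scope": sorted(c["name"] for c in comps if "scope" not in c),       # usage not recorded
        "never_loaded": sorted(c["name"] for c in comps if c.get("scope") == "excluded"),
        "test_libraries": sorted(c["name"] for c in comps if _is_test_lib(c)),
        "vulns_unlinked": sorted(v["id"] for v in vulns
                                 if not any(a.get("ref") in refs for a in v.get("affects", []))),
    }


def problems(findings: dict) -> list:
    """Turn findings into human-readable issues; never-loaded components are reported, not flagged."""
    issues = []
    if not findings["root_component"]:
        issues.append("no metadata.component: SBOM does not name the complete application")
    if not findings["has_platform_components"]:
        issues.append("no platform/OS/container components: runtime platform not covered")
    if not findings["has_services"]:
        issues.append("no services[]: backend databases, queues and APIs not described")
    for key, msg in (("missing_purl", "components without a purl"),
                     ("missing_scope", "components with unknown usage (no scope)"),
                     ("test_libraries", "test-only libraries present in a deployment SBOM"),
                     ("vulns_unlinked", "vulnerabilities not linked to any component")):
        if findings[key]:
            issues.append(f"{msg}: {', '.join(findings[key])}")
    return issues


if __name__ == "__main__":
    found = audit_sbom(load_sbom(SAMPLE_SBOM_JSON))
    print(f"application: {found['root_component']}; never loaded: {found['never_loaded']}")
    for issue in problems(found):
        print("PROBLEM:", issue)
```

Run against the sample, the audit reports `orders-api` as the application, lists `commons-logging` as shipped but never loaded, and raises four problems: `tomcat` has no purl, `guava` and `tomcat` have no recorded scope, `junit` is a test library in a deployment SBOM, and `EXAMPLE-VULN-0002` is not linked to any component. Point `load_sbom` at a real CycloneDX file produced by any generator to see which of the checklist items it satisfies.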

Open-Source SBOM Tool for Java Applications

In addition to our commercial offering, Contrast’s own CTO and Co-founder Jeff Williams developed an open-source tool to automatically produce SBOMs at runtime for Java applications. You can find the tool on Contrast’s GitHub Marketplace page. 

Developers get more step-by-step guidance, integrations, and best practices from the Contrast Developer page.

SBOM Resources


President Biden’s Executive Order: Secure the Software Supply Chain

President Biden mandates that software security is a national security matter


How to create SBOMs for free with CodeSec by Contrast

Explore what SBOMs are and how to easily create them with Contrast Security’s free developer toolset, CodeSec.


Securing the Software Supply Chain Starts with a Software Bill of Materials

One of Contrast’s ongoing missions is to safeguard the software supply chain that powers businesses and federal agencies alike.


Securing the Software Supply Chain in Modern Development Pipelines

Watch this webinar as industry experts in software security and engineering discuss how to lock down your software supply chain at scale.


Contrast Security Expands Free Developer Tool by Adding Open Source Security and SBOM Creation

CodeSec is the first free developer tool to combine world-renowned security testing and SCA functionality in a developer-friendly CLI to secure code and identify vulnerable third-party libraries.

"SBOMs are a critical component of having a secure software supply chain. As part of US Executive Order 14208, the US National Institute of Standards and Technology (NIST) includes a key directive for organizations to ‘Establish and maintain a software inventory or an SBOM.’ Free solutions for developers, like CodeSec - SCA, will play an important role in helping ramp up the adoption of SBOMs."

Kate Norton
Senior Research Analyst at IDC


Create SBOMs in Seconds

CodeSec provides a simple mechanism for automatically creating SBOMs that exceed NIST's minimum elements, which in turn opens up further opportunities for automating the SBOM creation process.