Comprehensive SBOMs (Software Bills of Materials)
Contrast creates a comprehensive software bill of materials to meet regulatory and procurement requirements with support for both CycloneDX and SPDX. Contrast goes above and beyond the minimum SBOM standards set by NIST detailing critical security, versioning, environmental, and library usage information in its bill of materials.
The Contrast Secure Code Platform Approach to SBOMs
Contrast provides the fastest, easiest, and most scalable application security platform available. Our instrumentation-based approach to SBOMs has a lot of advantages and by leveraging our integrated solutions (Contrast Assess, Contrast SCA, and Contrast Protect), organizations can achieve the regulator goals set by President Biden administration and be prepared to address any specific mandate.
Organizations today need to:
Automate SBOMs without running
Deliver SBOMs to match complete apps/APIs,
Deliver SBOMs to include all libraries, including servers and runtime platforms, not just what's in code repo
Deliver SBOMs that include services, such as backend databases, directories, queues, APIs, and more
Deliver SBOMs that contain detailed vulnerability information
Deliver SBOMs that report on exactly which components are in use, and which are never loaded, never used.
Not provide SBOMs that don't include test libraries and other non-deployed components
Open-Source SBOM Tool for Java Applications
In addition to our commercial offering, Contrast’s own CTO and Co-founder Jeff Williams developed an open-source tool to automatically produce SBOMs at runtime for Java applications. You can find the tool on Contrast’s GitHub Marketplace page.
Developers get more step-by-step guidance, integrations, and best practices from the Contrast Developer page.
President Biden’s Executive Order: Secure the Software Supply Chain
President Biden mandates that software security is a national security matter
How to create SBOMs for free with CodeSec by Contrast
explore what SBOMs are and how to easily create them with Contrast Security’s free developer toolset — CodeSec.
Securing the Software Supply Chain Starts with a Software Bill of Materials
One of Contrast’s ongoing missions is to safeguard the software supply chain that powers businesses and federal agencies alike
Securing the Software Supply Chain in Modern Development Pipelines
Watch this webinar as industry experts in software security and engineering discuss how to lock down your software supply chain at scale
Contrast Security Expands Free Developer Tool by Adding Open Source Security and SBOM Creation
CodeSec is the first free developer tool to combine world-renowned security testing and SCA functionality in a developer-friendly CLI to secure code and identify vulnerable third-party libraries
SBOMs are a critical component of having a secure software supply chain. As part of US Executive Order 14208, the US National Institute of Standards and Technology (NIST) includes a key directive for organizations to ‘Establish and maintain a software inventory or an SBOM. Free solutions for developers, like CodeSec - SCA, will play an important role in helping ramp up the adoption of SBOMs."
Senior Research Analyst at IDC
Create SBOMs in Seconds
CodeSec provides a super simple mechanism for automatically creating SBOMs that exceed NIST standards that then enables even more opportunities for automating the SBOM creation process.