Tuesday, January 16, 2024

Software Bill of Material

https://www.sonatype.com/event/webinar-q1-2024-aws-dxc-webinar



Comprehensive SBOMs (Software Bills of Materials)


Contrast creates a comprehensive software bill of materials to meet regulatory and procurement requirements with support for both CycloneDX and SPDX. Contrast goes above and beyond the minimum SBOM standards set by NIST detailing critical security, versioning, environmental, and library usage information in its bill of materials.


The Contrast Secure Code Platform Approach to SBOMs

Contrast provides the fastest, easiest, and most scalable application security platform available. Our instrumentation-based approach to SBOMs has many advantages, and by leveraging our integrated solutions (Contrast Assess, Contrast SCA, and Contrast Protect), organizations can achieve the regulatory goals set by the Biden administration and be prepared to address any specific mandate.

Organizations today need to:

Automate SBOMs without running any scans

Continuously stay up-to-date

Deliver SBOMs to match complete apps/APIs, not fragments

Deliver SBOMs to include all libraries, including servers and runtime platforms, not just what's in code repo

Deliver SBOMs that include services, such as backend databases, directories, queues, APIs, and more

Deliver SBOMs that contain detailed vulnerability information

Deliver SBOMs that report on exactly which components are in use, and which are never loaded or used.

Not provide SBOMs that include test libraries and other non-deployed components
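As an added illustration of the two passages above (the CycloneDX/SPDX formats and the checklist of what an SBOM should carry), here is a small Python script that is not Contrast's or Sonatype's code and not part of the original post. It builds a constructed CycloneDX 1.5 JSON document and audits it for the points in the list: required component fields, a vulnerability tied to a specific component, a test-only dependency marked with the CycloneDX scope "excluded", a runtime platform component and a backend service, and a loaded-versus-never-loaded report. The set of runtime-observed references is an assumption standing in for what instrumentation would report; every component name, version, purl and the vulnerability id are placeholders.

```python
"""Build and audit a minimal CycloneDX 1.5 JSON SBOM (added example; standard library only)."""
import json

# Constructed sample SBOM: names, versions, purls and the vulnerability id are placeholders.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {"type": "application", "name": "orders-api", "version": "2.3.0"}
    },
    "components": [
        {"bom-ref": "pkg:maven/example/web-core@4.1.0", "type": "library",
         "name": "web-core", "version": "4.1.0", "scope": "required",
         "purl": "pkg:maven/example/web-core@4.1.0"},
        {"bom-ref": "pkg:maven/example/json-mapper@1.9.2", "type": "library",
         "name": "json-mapper", "version": "1.9.2", "scope": "required",
         "purl": "pkg:maven/example/json-mapper@1.9.2"},
        {"bom-ref": "pkg:maven/example/legacy-xml@0.8.0", "type": "library",
         "name": "legacy-xml", "version": "0.8.0", "scope": "optional",
         "purl": "pkg:maven/example/legacy-xml@0.8.0"},
        # Test-only dependency: CycloneDX scope "excluded" marks it as not deployed.
        {"bom-ref": "pkg:maven/example/test-harness@5.0.0", "type": "library",
         "name": "test-harness", "version": "5.0.0", "scope": "excluded",
         "purl": "pkg:maven/example/test-harness@5.0.0"},
        # The runtime platform the app runs on, not just what is in the code repo.
        {"bom-ref": "pkg:generic/app-server@10.1", "type": "platform",
         "name": "app-server", "version": "10.1", "scope": "required"},
    ],
    # Backend services the app talks to live in the separate CycloneDX "services" array.
    "services": [
        {"bom-ref": "svc:orders-db", "name": "orders-db", "version": "15"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "source": {"name": "constructed-advisory"},
         "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:maven/example/json-mapper@1.9.2"}]},
    ],
}

REQUIRED_COMPONENT_KEYS = ("bom-ref", "type", "name", "version")


def validate(bom):
    """Return a list of problems; an empty list means the document passes."""
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat must be 'CycloneDX'")
    if "specVersion" not in bom:
        problems.append("missing specVersion")
    seen = set()
    for comp in bom.get("components", []):
        missing = [k for k in REQUIRED_COMPONENT_KEYS if k not in comp]
        if missing:
            problems.append(f"component {comp.get('name', '?')} missing {missing}")
            continue
        if comp["bom-ref"] in seen:
            problems.append(f"duplicate bom-ref {comp['bom-ref']}")
        seen.add(comp["bom-ref"])
    # Every vulnerability must point at a component that exists in this BOM.
    for vuln in bom.get("vulnerabilities", []):
        for aff in vuln.get("affects", []):
            if aff.get("ref") not in seen:
                problems.append(f"vulnerability {vuln.get('id')} references unknown ref {aff.get('ref')}")
    return problems


def deployed_refs(bom):
    """bom-refs of components that actually ship; scope 'excluded' means test/build-only."""
    return [c["bom-ref"] for c in bom.get("components", [])
            if c.get("scope", "required") != "excluded"]


def vulnerable_components(bom):
    """Map bom-ref -> sorted vulnerability ids, restricted to deployed components."""
    deployed = set(deployed_refs(bom))
    found = {}
    for vuln in bom.get("vulnerabilities", []):
        for aff in vuln.get("affects", []):
            ref = aff.get("ref")
            if ref in deployed:
                found.setdefault(ref, []).append(vuln["id"])
    return {ref: sorted(ids) for ref, ids in found.items()}


def usage_report(bom, loaded_refs):
    """Split deployed components into those seen loaded at runtime and those never loaded.
    loaded_refs is assumed to come from runtime instrumentation; here it is constructed."""
    deployed = deployed_refs(bom)
    return {
        "loaded": [r for r in deployed if r in loaded_refs],
        "never_loaded": [r for r in deployed if r not in loaded_refs],
    }


if __name__ == "__main__":
    observed = {"pkg:maven/example/web-core@4.1.0",
                "pkg:maven/example/json-mapper@1.9.2",
                "pkg:generic/app-server@10.1"}  # assumed runtime observation
    print("problems:", validate(SAMPLE_SBOM))
    print("vulnerable:", json.dumps(vulnerable_components(SAMPLE_SBOM)))
    print("usage:", json.dumps(usage_report(SAMPLE_SBOM, observed), indent=2))
```

The audit deliberately keeps the optional "legacy-xml" library in the deployed set, since CycloneDX "optional" still means shipped; only "excluded" drops a component, which is how a test harness is kept out of the bill of materials while remaining visible to whoever reads the raw document.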


https://www.contrastsecurity.com/sboms


Broad SBOM adoption takes root as businesses watch their supply chains

Research from Sonatype shows major companies are increasingly mandating outside vendors to account for the security of their applications.


Published Aug. 4, 2023

https://www.cybersecuritydive.com/news/sbom-adoption-businesses-supply-chains/690005/



Ilkka Turunen
Ilkka serves as Field CTO at Sonatype. He is a software engineer with a knack for rapid web-development and cloud computing and with technical experience on multiple levels of the XaaS cake. Ilkka is interested in anything and everything, always striving to learn any relevant skills that help towards building Sonatype for success.
https://blog.sonatype.com/author/ilkka-turunen/page/2


OSS is now critical infrastructure.
Ilkka Turunen

The report states that Open Source Software components have not only become critical infrastructure for modern information systems, but also that a vast majority of organisations leverage it whether or not they know it, and that most software today is assembled, not constructed.

“Software development has moved from an artisanal, soup-to-nuts process to one more akin to bricklaying.”

As custodians of the largest open source ecosystem in the Java world, we at Sonatype have witnessed this transformation first hand. There were 87 billion download requests from this repository in 2017. A similar repository for JavaScript components is seeing 7 billion downloads a week, as reported in October 2018.

As the tools in the hands of developers across all programming ecosystems make it easier to leverage external code, the software engineering process itself has transformed into a process resembling manufacturing.

