https://www.sonatype.com/event/webinar-q1-2024-aws-dxc-webinar
Comprehensive SBOMs (Software Bills of Materials)
Contrast creates a comprehensive software bill of materials to meet regulatory and procurement requirements, with support for both CycloneDX and SPDX. Contrast goes beyond the minimum SBOM elements defined under Executive Order 14028 (published by NTIA in 2021), adding critical security, versioning, environmental, and library usage information to its bill of materials.
The Contrast Secure Code Platform Approach to SBOMs
Contrast provides the fastest, easiest, and most scalable application security platform available. Our instrumentation-based approach to SBOMs has several advantages: by leveraging our integrated solutions (Contrast Assess, Contrast SCA, and Contrast Protect), organizations can meet the regulatory goals set by the Biden administration's Executive Order 14028 and be prepared to address any specific mandate that follows.
Organizations today need to:
Automate SBOMs without running any scans
Continuously stay up-to-date
Deliver SBOMs to match complete apps/APIs, not fragments
Deliver SBOMs to include all libraries, including servers and runtime platforms, not just what's in code repo
Deliver SBOMs that include services, such as backend databases, directories, queues, APIs, and more
Deliver SBOMs that contain detailed vulnerability information
Deliver SBOMs that report exactly which components are loaded and used at runtime, and which are never loaded or used
Exclude test libraries and other non-deployed components from the SBOM
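The requirements above can be checked mechanically against an SBOM document. The following is an added example, not Contrast's code: it validates a CycloneDX 1.5 JSON SBOM against the NTIA minimum elements (supplier, name, version, unique identifier, dependency relationships, author, timestamp), uses CycloneDX's `scope: "excluded"` convention to drop test-only components, reconciles the declared components against the set a runtime agent actually loaded, and reports which SBOM-listed vulnerabilities affect a component that was really loaded. The SBOM document and the runtime-loaded set are constructed inline; the vulnerability entry uses the real pairing of CVE-2021-44228 with log4j-core 2.14.1 as sample data, and the `payments-api`, `legacy-util` and runtime-loaded Tomcat entries are hypothetical.

```python
"""Validate a CycloneDX JSON SBOM against the NTIA minimum elements and
reconcile it with the components actually loaded at runtime.

Added example, not Contrast Security's code. All input data is constructed
inline; CVE-2021-44228 / log4j-core 2.14.1 is a real pairing used as sample data.
"""
import json

# Constructed CycloneDX 1.5 document: two runtime components, one test-scoped
# component (scope "excluded" = not shipped), and one component missing its
# version, supplier and purl so that the checker has something to flag.
SAMPLE_SBOM = json.loads(r"""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "timestamp": "2024-01-15T10:00:00Z",
    "authors": [{"name": "build-pipeline"}],
    "component": {"type": "application", "name": "payments-api",
                  "version": "3.2.0", "bom-ref": "app"}
  },
  "components": [
    {"type": "library", "bom-ref": "log4j", "group": "org.apache.logging.log4j",
     "name": "log4j-core", "version": "2.14.1", "scope": "required",
     "supplier": {"name": "Apache Software Foundation"},
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "bom-ref": "jackson", "group": "com.fasterxml.jackson.core",
     "name": "jackson-databind", "version": "2.15.2", "scope": "required",
     "supplier": {"name": "FasterXML"},
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
    {"type": "library", "bom-ref": "junit", "group": "junit", "name": "junit",
     "version": "4.13.2", "scope": "excluded", "supplier": {"name": "JUnit"},
     "purl": "pkg:maven/junit/junit@4.13.2"},
    {"type": "library", "bom-ref": "mystery", "name": "legacy-util"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["log4j", "jackson"]}
  ],
  "vulnerabilities": [
    {"id": "CVE-2021-44228", "affects": [{"ref": "log4j"}]}
  ]
}
""")

# Constructed: purls an instrumentation agent observed being class-loaded.
# jackson-databind was declared but never loaded; the embedded servlet
# container was loaded but never appeared in the code repository's SBOM.
RUNTIME_LOADED = {
    "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
    "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.75",
}

# Per-component NTIA minimum elements as they map onto CycloneDX fields.
NTIA_COMPONENT_FIELDS = ("supplier", "name", "version", "purl")


def check_minimum_elements(sbom):
    """Return one finding string per missing NTIA minimum element."""
    findings = []
    meta = sbom.get("metadata", {})
    if not meta.get("timestamp"):
        findings.append("metadata: missing timestamp")
    if not meta.get("authors"):
        findings.append("metadata: missing SBOM author")
    if not sbom.get("dependencies"):
        findings.append("document: no dependency relationships")
    for comp in sbom.get("components", []):
        ref = comp.get("bom-ref", comp.get("name", "?"))
        for field in NTIA_COMPONENT_FIELDS:
            if not comp.get(field):
                findings.append(f"component {ref}: missing {field}")
    return findings


def shipped_components(sbom):
    """Components that are part of the deliverable: everything not scoped 'excluded'."""
    return [c for c in sbom.get("components", [])
            if c.get("scope", "required") != "excluded"]


def runtime_delta(sbom, loaded_purls):
    """Reconcile declared vs observed: (declared but never loaded, loaded but undeclared)."""
    declared = {c["purl"] for c in shipped_components(sbom) if c.get("purl")}
    return sorted(declared - loaded_purls), sorted(loaded_purls - declared)


def vulns_in_loaded_components(sbom, loaded_purls):
    """IDs of SBOM-listed vulnerabilities whose affected component was actually loaded."""
    purl_by_ref = {c["bom-ref"]: c.get("purl")
                   for c in sbom.get("components", []) if "bom-ref" in c}
    hits = set()
    for vuln in sbom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            if purl_by_ref.get(target.get("ref")) in loaded_purls:
                hits.add(vuln["id"])
    return sorted(hits)


if __name__ == "__main__":
    for finding in check_minimum_elements(SAMPLE_SBOM):
        print("finding:", finding)
    never_loaded, undeclared = runtime_delta(SAMPLE_SBOM, RUNTIME_LOADED)
    print("declared but never loaded:", never_loaded)
    print("loaded but not in SBOM:", undeclared)
    print("vulnerabilities in loaded components:",
          vulns_in_loaded_components(SAMPLE_SBOM, RUNTIME_LOADED))
```

The two directions of `runtime_delta` are the interesting ones for a reviewer: the "declared but never loaded" side is noise that inflates vulnerability counts, and the "loaded but undeclared" side (here the servlet container) is exactly the gap a repository-only scan leaves. Note that "loaded" is weaker than "reachable"; a loaded class can still be unreachable from any request path, so the last function narrows the triage list rather than proving exploitability.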
https://www.contrastsecurity.com/sboms
Broad SBOM adoption takes root as businesses watch their supply chains
Research from Sonatype shows major companies are increasingly requiring outside vendors to account for the security of their applications.
Published Aug. 4, 2023
https://www.cybersecuritydive.com/news/sbom-adoption-businesses-supply-chains/690005/
Ilkka Turunen
Ilkka serves as Field CTO at Sonatype. He is a software engineer with a knack for rapid web development and cloud computing, with technical experience at multiple levels of the XaaS cake. Ilkka is interested in anything and everything, always striving to learn any relevant skill that helps build Sonatype for success.
https://blog.sonatype.com/author/ilkka-turunen/page/2
OSS is now critical infrastructure.
Ilkka Turunen
The report states that open source software components have not only become critical infrastructure for modern information systems, but also that a vast majority of organisations leverage them whether or not they know it, and that most software today is assembled, not constructed:
“Software development has moved from an artisanal, soup-to-nuts process to one more akin to bricklaying.”
As custodians of the largest open source ecosystem in the Java world (the Central Repository), we at Sonatype have witnessed this transformation first-hand. There were 87 billion download requests from this repository in 2017. A similar repository for JavaScript components was seeing 7 billion downloads a week, as reported in October 2018.
As the tools in the hands of developers across all programming ecosystems make it easier to leverage external code, the software engineering process itself has transformed into one resembling manufacturing.