Software Bill of Materials (SBOM)
· SBOM is an inventory of all the open source and third-party components present in a codebase.
· It also lists the licenses that govern these components, the versions of the components used, and their patch status, which allows security teams to quickly identify any associated security or license risks.
· Software Composition Analysis (SCA) tools can automate the process of identifying open-source software in a codebase.
· Any organization that builds software should maintain an SBOM for their codebases.
· Maintaining an SBOM is mandatory for organizations working with the US government.
· It is also one of the requirements of the PCI DSS standard.
Test your knowledge: Which of these risk(s) can be addressed by maintaining an SBOM – supply chain, operational, reputational, compliance, performance?