What’s sbom and what is it good for?

All Resources

SBOM (Software bill of materials) is like an ingredient list for your software artifact. It can help you see dependencies all the way through your software supply chain. Like a food ingredient list, it allows you to see if there is anything in that software you might be ‘allergic’ to – be it a specific package or a specific package license.

In a world where 80% of code is open-source with unclear provenance, increasing the visibility of what it is you’re getting or delivering has a lot of value in increasing software trust. This video explains what the minimum requirements of an SBOM are, covers some recent US regulations requiring the use of an SBOM, and demonstrates an open-source tool for creating SBOMs from docker images.