SBOM

Definition

A Software Bill of Materials (SBOM) is a comprehensive inventory of all components, libraries, and dependencies included in a software application. It details the version, origin, and licensing of each component, enabling organizations to manage vulnerabilities, ensure compliance, and maintain transparency in the software supply chain. SBOMs are critical for identifying and mitigating risks associated with third-party software components.

Secure Settings Example

sbom:
  version: "1.0"                  # SBOM format version is recorded
  components:
    - name: "OpenSSL"
      version: "1.1.1k"           # exact version, so it can be matched against advisories
      license: "Apache-2.0"       # license identified, so compliance can be checked
      source: "https://www.openssl.org/source/"   # origin of the component is recorded
    - name: "libcurl"
      version: "7.76.1"
      license: "MIT"
      source: "https://curl.se/download.html"
  policies:
    - ensure_latest_versions: true   # flag components behind the approved version
    - verify_licenses: true          # reject components with unknown or disallowed licenses

Insecure Settings Example

sbom:                            # no SBOM format version recorded
  components:
    - name: "OpenSSL"
      version: "1.0.2"           # outdated version
      license: "Unknown"         # license cannot be verified
                                 # no source: origin of the component is unrecorded
    - name: "libcurl"
      version: "7.19.7"          # outdated version
      license: "Unknown"
  policies:
    - ensure_latest_versions: false   # outdated components are never flagged
    - verify_licenses: false          # unknown licenses are never caught
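A policy check that consumes SBOMs in the format shown above, added here as an example (it is not part of the original page and not a real SBOM tool): it transcribes both YAML examples into Python literals and reports disabled policies, components behind an approved version, unverifiable licenses and missing origin. The approved-version table and allowed-license set are constructed assumptions for the example.

```python
# Constructed reference data for this example (assumptions, not a real feed):
# the version approved as current for each component and the licences allowed.
LATEST_VERSIONS = {"OpenSSL": "1.1.1k", "libcurl": "7.76.1"}
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}

# The page's two SBOMs, transcribed from YAML into Python literals.
SECURE_SBOM = {
    "version": "1.0",
    "components": [
        {"name": "OpenSSL", "version": "1.1.1k", "license": "Apache-2.0",
         "source": "https://www.openssl.org/source/"},
        {"name": "libcurl", "version": "7.76.1", "license": "MIT",
         "source": "https://curl.se/download.html"},
    ],
    "policies": [{"ensure_latest_versions": True}, {"verify_licenses": True}],
}
INSECURE_SBOM = {
    "components": [
        {"name": "OpenSSL", "version": "1.0.2", "license": "Unknown"},
        {"name": "libcurl", "version": "7.19.7", "license": "Unknown"},
    ],
    "policies": [{"ensure_latest_versions": False}, {"verify_licenses": False}],
}

def parse_version(v):
    """'1.1.1k' -> ((1,''),(1,''),(1,'k')) so versions compare numerically."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append((int(digits) if digits else 0, piece[len(digits):]))
    return tuple(parts)

def policy_enabled(sbom, name):
    """Policies in the page's format are a list of single-key mappings."""
    return any(entry.get(name) for entry in sbom.get("policies", []))

def check_sbom(sbom, latest=LATEST_VERSIONS, allowed=ALLOWED_LICENSES):
    """Return a list of findings; an empty list means the SBOM passes."""
    findings = [f"policy {p} is disabled" for p in
                ("ensure_latest_versions", "verify_licenses") if not policy_enabled(sbom, p)]
    for c in sbom.get("components", []):
        name, ver, lic = c["name"], c["version"], c.get("license", "Unknown")
        if name in latest and parse_version(ver) < parse_version(latest[name]):
            findings.append(f"{name} {ver} is older than approved {latest[name]}")
        if lic not in allowed:
            findings.append(f"{name} license {lic!r} is not an allowed license")
        if not c.get("source"):
            findings.append(f"{name} has no recorded source (origin unknown)")
    return findings
```

Run against the two inputs, the secure SBOM yields no findings and the insecure one yields eight: two disabled policies plus an outdated version, an unverifiable license and a missing source for each component.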