Blog: Introduction to Software Bill Of Materials
📝 Summary
Introduction to Software Bill Of Materials

Contents: Introduction; Definition: What is SBOM?; Use cases in Supply chain security

Before going through Software Bill Of Materials (SBOMs), we need to set the ground for a rising concern in the software industry: Software Supply Chain Security. Like traditional industries, deploying a software artifact goes through multiple stages, composed of collecting source code components, libraries, tools, and the processes used in those stages.

Fig. 1: https://blog.convisoappsec.com/en/is-your-software-supply-chain-secure/

A supply chain attack can occur anywhere along the chain: submitting unauthorized malicious code into your source, unauthorized injection of harmful dependencies, and even replacing packages after they are built with other, compromised artifacts. A more detailed explanation of those types of attacks is here.

Because this is a critical issue, generating an SBOM for your software adds another layer of protection against this threat. As far as we know, developers around the world are building web applications using hundreds of third-party open-source libraries and packages. You can confidently say that 90% of the software products around the world are built on open-source components. With that in mind, we need to keep track of the dependencies we use while building our applications. What if there are vulnerabilities in the libraries we use? How do we efficiently protect ourselves against that?

A Software Bill Of Materials (SBOM) is a complete, formally structured list of the materials (components, packages, libraries, SDKs) used to build (i.
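To make the "formally structured list" concrete, here is an added example (not code from the Jenkins X post or project) that builds a minimal SBOM in the CycloneDX JSON layout and then answers the question the text raises, "what if there are vulnerabilities in the libraries we use?", by matching each component against an advisory feed. The `bomFormat`, `specVersion`, `components`, `type`, `name`, `version` and `purl` fields are real CycloneDX field names; the dependency list, the advisory entries and their `EXAMPLE-ADV-*` identifiers are constructed for illustration, and the version comparison assumes simple dotted numeric versions rather than full semver or PEP 440 rules.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample inventory of direct dependencies (not taken from the post).
DEPENDENCIES: List[Dict[str, str]] = [
    {"name": "requests", "version": "2.25.1", "ecosystem": "pypi"},
    {"name": "urllib3", "version": "1.26.4", "ecosystem": "pypi"},
    {"name": "lodash", "version": "4.17.20", "ecosystem": "npm"},
]

# Constructed advisory feed with hypothetical identifiers (not real CVEs).
# "affected_below": every version strictly lower than this one is affected.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "EXAMPLE-ADV-0001", "purl_prefix": "pkg:pypi/urllib3", "affected_below": "1.26.5"},
    {"id": "EXAMPLE-ADV-0002", "purl_prefix": "pkg:npm/lodash", "affected_below": "4.17.21"},
]


def to_purl(dep: Dict[str, str]) -> str:
    """Package URL (purl) of the form pkg:<ecosystem>/<name>@<version>."""
    return f"pkg:{dep['ecosystem']}/{dep['name']}@{dep['version']}"


def build_sbom(deps: List[Dict[str, str]]) -> Dict:
    """Assemble a minimal CycloneDX 1.4 JSON document listing each dependency
    as a 'library' component identified by name, version and purl."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {
                "type": "library",
                "name": d["name"],
                "version": d["version"],
                "purl": to_purl(d),
            }
            for d in deps
        ],
    }


def parse_version(v: str) -> Tuple[int, ...]:
    """Assumption: versions are plain dotted integers (e.g. '1.26.4')."""
    return tuple(int(part) for part in v.split("."))


def find_affected(sbom: Dict, advisories: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Cross-reference every SBOM component with the advisory feed.
    Returns (name, version, advisory id) for each affected component."""
    hits = []
    for comp in sbom["components"]:
        purl_base = comp["purl"].split("@")[0]  # strip the version qualifier
        for adv in advisories:
            if purl_base == adv["purl_prefix"] and parse_version(comp["version"]) < parse_version(
                adv["affected_below"]
            ):
                hits.append((comp["name"], comp["version"], adv["id"]))
    return hits


if __name__ == "__main__":
    sbom = build_sbom(DEPENDENCIES)
    print(json.dumps(sbom, indent=2))
    for name, version, adv_id in find_affected(sbom, ADVISORIES):
        print(f"{name}@{version} is affected by {adv_id}")
```

The point of the exercise is that the vulnerability question becomes a mechanical lookup once the inventory exists in a machine-readable form: the same `find_affected` check can be re-run against a fresh advisory feed without rebuilding the software, which is exactly what an SBOM is meant to enable.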
Open the original post ↗ https://jenkins-x.io/blog/2022/07/24/intro-to-sbom/