What's an SBOM and what is it good for? The ingredients list of software

Composability Summit

An SBOM (Software Bill of Materials) is like an ingredient list for your software artifact: it lets you see dependencies all the way through your software supply chain. Like a food ingredient list, it allows you to see if there is anything in that software you might be 'allergic' to, be it a specific package or a specific package license. In a world where 80% of code is open source with unclear provenance, increasing the visibility of what you're getting or delivering has a lot of value in increasing software trust. I'll show you what the minimum requirements of an SBOM are, cover some recent US regulations requiring the use of an SBOM, and demonstrate an open-source tool for creating SBOMs from Docker images.
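As an added illustration (not code from the talk or from any SBOM tool), here is a small Python check over a constructed, simplified CycloneDX-style SBOM: it flags components whose package or license is on an organisation's "allergy" list and reports entries that lack the minimum name, version and identifier fields. The sample SBOM, the required-field set and the policy lists are all assumptions made for the example.

```python
from typing import Dict, List

# Constructed sample in a simplified CycloneDX-style layout (assumption, not a real scan).
SAMPLE_SBOM: Dict = {
    "components": [
        {"name": "openssl", "version": "3.0.7", "purl": "pkg:deb/debian/openssl@3.0.7",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "leftpad-lite", "version": "1.2.0", "purl": "pkg:npm/leftpad-lite@1.2.0",
         "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
        {"name": "mystery-lib", "version": "",  # no version and no identifier: unusable entry
         "licenses": []},
    ]
}

# Constructed policy: packages and license ids this organisation is "allergic" to.
DENIED_PACKAGES = {"leftpad-lite"}
DENIED_LICENSES = {"AGPL-3.0-only", "SSPL-1.0"}
# Assumed minimum per-component fields: name, version and a unique identifier (purl).
REQUIRED_FIELDS = ("name", "version", "purl")


def missing_fields(component: Dict) -> List[str]:
    """Return the minimum fields that are absent or empty for one component."""
    return [f for f in REQUIRED_FIELDS if not component.get(f)]


def component_licenses(component: Dict) -> List[str]:
    """Flatten the nested license objects into a flat list of license ids."""
    return [entry.get("license", {}).get("id", "") for entry in component.get("licenses", [])]


def check_sbom(sbom: Dict) -> List[str]:
    """Walk every component and report incomplete entries and policy hits, in order."""
    findings: List[str] = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "<unnamed>")
        gaps = missing_fields(comp)
        if gaps:
            findings.append(f"{name}: incomplete entry, missing {', '.join(gaps)}")
        if name in DENIED_PACKAGES:
            findings.append(f"{name}: denied package")
        for lic in component_licenses(comp):
            if lic in DENIED_LICENSES:
                findings.append(f"{name}: denied license {lic}")
    return findings


if __name__ == "__main__":
    for line in check_sbom(SAMPLE_SBOM):
        print(line)
```

An incomplete entry is reported separately from a policy hit because a component with no version or identifier cannot be matched against advisories at all, which is its own supply-chain risk.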