SBOM Management

Analysis, Monitoring, and Sharing.

What is SBOM Central?

On-prem options are available.

What is an SBOM?

A Software Bill of Materials (SBOM) is a document that lists all the software components that are used in a particular software product or application, including both proprietary and open-source components, as well as their version numbers, dependencies, and origins.

WHY ARE SBOMS IMPORTANT?

SBOMs are important tools for enhancing supply chain security, managing software vulnerabilities, ensuring compliance, and making informed decisions about software risk management. They play a crucial role in today’s cybersecurity landscape, where software supply chain attacks are a growing concern.

News / Blogs

In Swedish: The autumn's first podcast from SIG Security is here! As usual, it covers a current topic from one of the talks given during a FOKUS evening. It is…


SBOM Central has now added the capability to generate VEX reports enhancing its functionality. VEX stands for Vulnerability Exploitability eXchange and is a standardized document that provides…


T2 Data is a partner at the Swedish conference about Cybersecurity for critical infrastructure. The conference is in Swedish, read more.


Security is constantly moving, and a secure system today might be vulnerable tomorrow—even without any changes or updates. Vulnerabilities can emerge and be identified at any point…


Improve your supply chain security with SBOM Central.

Upload or create SBOMs.

Generate SBOMs at any stage of your development process. Upload each SBOM automatically through the REST API and start component identification and security analytics.

You may also upload SBOMs manually through the SBOM Central web interface, or create SBOMs with the included SBOM tool.

The Artifact Dictionary service will support you when manually creating external artifacts in the Artifact tool.

Analyze and monitor your SBOMs.

SBOM Central performs an in-depth analysis of your SBOMs, delivering real-time insights into their status concerning vulnerabilities, weaknesses, and potential exploits. Additionally, it offers comprehensive component health information, including version details, updates, project activity, licensing, and more.

The service offers continuous monitoring and keeps security and health data for your SBOMs up-to-date. It also provides customizable notifications for specific versions.

You can achieve full traceability for your SBOMs, allowing you to track the evolution of each application and uncover any unexpected dependencies or potential malicious attempts to infiltrate the build process.

Evaluate and prioritize your risks.

Vulnerability prioritization involves identifying vulnerabilities and determining their order of remediation by considering factors like potential consequences, exploitability, and additional contextual information such as asset details, severity, business-criticality, and threat intelligence. The objective is to give priority to addressing high-risk vulnerabilities promptly, while lower-risk ones are addressed in due course, all while aligning with an organization’s unique objectives and risk tolerance.
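The two ideas above (an SBOM as a machine-readable list of components with versions, licenses and dependencies, and prioritization that weighs severity against exploitability and asset context) can be shown together in a small script. The example below is added here for illustration and is not SBOM Central's code or output; the SBOM is a constructed CycloneDX-style JSON document, the vulnerability feed uses placeholder IDs rather than real CVEs, and the weighting scheme (a fixed multiplier for known-exploited findings, another for business-criticality) is an assumption to be tuned to your own risk tolerance.

```python
"""Parse a CycloneDX-style SBOM and rank findings by contextual risk.

Added illustration: the SBOM, the vulnerability feed and the weights
below are all constructed for this example and are not real data.
"""
import json

# Constructed SBOM in CycloneDX JSON layout (not produced by any real tool).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"type": "application", "name": "demo-app", "version": "2.0.0"}},
  "components": [
    {"bom-ref": "pkg:pypi/example-web@3.1.0", "type": "library", "name": "example-web",
     "version": "3.1.0", "purl": "pkg:pypi/example-web@3.1.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "pkg:pypi/example-yaml@5.4.0", "type": "library", "name": "example-yaml",
     "version": "5.4.0", "purl": "pkg:pypi/example-yaml@5.4.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"bom-ref": "pkg:pypi/example-crypto@1.0.2", "type": "library", "name": "example-crypto",
     "version": "1.0.2", "purl": "pkg:pypi/example-crypto@1.0.2",
     "licenses": [{"license": {"id": "BSD-3-Clause"}}]}
  ],
  "dependencies": [
    {"ref": "pkg:pypi/example-web@3.1.0", "dependsOn": ["pkg:pypi/example-yaml@5.4.0"]},
    {"ref": "pkg:pypi/example-crypto@1.0.2", "dependsOn": []}
  ]
}
"""

# Constructed vulnerability feed keyed by purl. IDs are placeholders, not real CVEs.
VULN_FEED = {
    "pkg:pypi/example-yaml@5.4.0": [
        {"id": "EXAMPLE-VULN-0001", "cvss": 9.8, "known_exploited": True, "fix_version": "5.4.1"},
    ],
    "pkg:pypi/example-crypto@1.0.2": [
        {"id": "EXAMPLE-VULN-0002", "cvss": 7.5, "known_exploited": False, "fix_version": "1.0.3"},
    ],
    "pkg:pypi/example-web@3.1.0": [
        {"id": "EXAMPLE-VULN-0003", "cvss": 5.3, "known_exploited": False, "fix_version": None},
    ],
}

# Assumed weights for the contextual factors; tune them to your own risk tolerance.
EXPLOITED_WEIGHT = 2.0
CRITICALITY_WEIGHT = {"high": 1.5, "medium": 1.0, "low": 0.5}


def parse_sbom(text):
    """Return {purl: component} and a reverse map child -> [parents that depend on it]."""
    bom = json.loads(text)
    components = {c["purl"]: c for c in bom.get("components", [])}
    depended_on_by = {purl: [] for purl in components}
    for dep in bom.get("dependencies", []):
        for child in dep.get("dependsOn", []):
            depended_on_by.setdefault(child, []).append(dep["ref"])
    return components, depended_on_by


def find_affected(components, feed):
    """Join the SBOM's component list against the feed on the purl."""
    findings = []
    for purl, comp in components.items():
        for vuln in feed.get(purl, []):
            findings.append({"purl": purl, "name": comp["name"], "version": comp["version"], **vuln})
    return findings


def risk_score(finding, asset_criticality):
    """Severity, scaled up for known exploitation and by the asset's business-criticality."""
    exploit = EXPLOITED_WEIGHT if finding["known_exploited"] else 1.0
    return round(finding["cvss"] * exploit * CRITICALITY_WEIGHT[asset_criticality], 2)


def prioritize(sbom_text, feed, asset_criticality):
    """Rank findings with the highest contextual risk first, noting the dependency path."""
    components, depended_on_by = parse_sbom(sbom_text)
    findings = find_affected(components, feed)
    for f in findings:
        f["score"] = risk_score(f, asset_criticality)
        f["reached_via"] = depended_on_by.get(f["purl"], [])
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in prioritize(SBOM_JSON, VULN_FEED, "high"):
        path = " <- ".join(f["reached_via"]) or "direct"
        print(f'{f["score"]:6.2f} {f["id"]} {f["name"]}@{f["version"]} fix={f["fix_version"]} via {path}')
```

Running it ranks the known-exploited finding in the transitive dependency `example-yaml` first, even though it is only pulled in through `example-web`; that is the "unexpected dependency" case the SBOM's dependency graph exists to surface, and the `fix_version` field makes the remediation order actionable.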

Share SBOMs, decisions and current status.

Recent regulations in both the European Union (EU) and the United States (US) require organizations to implement new policies concerning the disclosure and transparency of software contents. NIS2: “… security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;” CRA (Cyber Resilience Act): “Enhance the transparency of security properties of products with digital elements, and enable businesses and consumers to use products with digital elements securely.”

SBOM Central has powerful features to automate sharing of SBOMs with selected groups of people and organizations. The shared information may include decisions and real-time status regarding vulnerabilities, exploits, and more.

Supported data sources:

Read about SBOMs and regulations: the NIS2 Directive, the Cyber Resilience Act, and the US Executive Order on Improving the Nation’s Cybersecurity.


There are several important use cases for an SBOM:

Supply Chain Security

An SBOM helps organizations identify and manage vulnerabilities in their software supply chain by providing visibility into the components they use. It enables them to identify security risks and apply appropriate mitigations or updates.

Vulnerability Management

SBOMs allow organizations to quickly identify whether they are using vulnerable software and take appropriate actions, such as patching or updating.

Compliance and Licensing

SBOMs help organizations ensure they are compliant with legal and regulatory requirements, including open-source licensing obligations, by providing an auditable record of all software components and their respective licenses.

Mergers and Acquisitions

During the due diligence process, SBOMs provide valuable insights into the software assets of a target company, helping to identify potential risks, liabilities, and integration challenges.

Incident Response

In the event of a security breach or other incident, an SBOM can help incident responders and security analysts understand the affected components and their relationships, aiding in the investigation and remediation process.

Software Development Lifecycle

By integrating SBOMs into the software development process, developers can make more informed decisions about the components they use, ensuring that the final product is secure, compliant, and efficient.

Who is the typical user of SBOM Central?

SBOM Central aims to deliver a service that is accessible and user-friendly to a wide range of professionals and roles. It strives to offer a highly automated, cost-effective solution with an intuitive user interface. Examples:

DevOps Engineer

DevOps engineers are responsible for developing and deploying software applications. SBOM Central provides services to assess the security of code and applications, ensuring that vulnerabilities are identified and resolved before and after deployment.

Procurement Officer

By requesting an SBOM, procurement officers can upload it to SBOM Central to enhance their decision-making process, prioritize security and compliance requirements, and mitigate potential risks associated with the software supply chain.

Risk Manager

Risk managers assess and mitigate risks within an organization. They can leverage SBOM Central services to identify and prioritize vulnerabilities based on their potential impact and likelihood of exploitation, helping them make informed decisions on risk mitigation strategies.

Security Analyst

Security analysts play a crucial role in using vulnerability detection services. With SBOM Central they can perform scans, analyze results, and interpret the findings to identify potential vulnerabilities in systems, networks, or applications. They then work on remediation plans or coordinate with other teams to address the identified vulnerabilities.

Compliance Officer

Compliance officers ensure the organization adheres to relevant regulations, industry standards, internal policies, and legal obligations. They may utilize SBOM Central services to assess compliance with security requirements and identify vulnerabilities that may pose compliance risks. It provides transparency into the open-source software components and licenses used, helping officers verify license compliance and avoid legal disputes.