Example 1:
A small enterprise is in charge of creating and maintaining a product known as Juice Shop. Managing vulnerabilities is an emerging requirement that must be adequately addressed. What type of SBOM Central license should they acquire? (Juice Shop SBOM example on GitHub)
- They need 1 user license to manage security.
- Juice Shop is just one product, so 1 SBOM product license is sufficient.
- Basic support
This enterprise should be able to effectively manage vulnerabilities by acquiring the BASIC license.
Example 2:
An enterprise is in charge of creating and maintaining 8 products and test environments. What type of SBOM Central license should they acquire?
- Three teams are in charge of the products, so they need 5 user licenses: one for each of the three dev team leads, one for the product manager, and one for the security officer.
- 8 products/test environments require 8 SBOM products licenses.
- Pro support is required. One support contact will be sufficient here.
License setup and cost:
- 5 user licenses needed = 2000 €/yearly
- 8 SBOM product licenses = two blocks of licenses, 3920 €/yearly
- 1 Pro support = 1200€/yearly
The total fee is 7120 €/yearly.
FREQUENTLY ASKED QUESTIONS
The user is activated when included into a team, and will then be able to login.
In short: it is the application/operating system/etc. that the SBOM describes, the main component of the software. In CycloneDX it is described as the "component" (see below).
The product is the unique combination of group/name in the metadata/component section.
Example of a component specification where the component (product) is named "npm/juice-shop" (group=npm & name=juice-shop):
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.2",
  "serialNumber": "urn:uuid:1f860713-54b9-4253-ba5a-9554851904af",
  "version": 1,
  "metadata": {
    "timestamp": "2020-08-03T03:20:53.771Z",
    "tools": [
      {
        "vendor": "CycloneDX",
        "name": "Node.js module",
        "version": "2.0.0"
      }
    ],
    "component": {
      "type": "library",
      "bom-ref": "pkg:npm/juice-shop@11.1.2",
      "group": "npm",
      "name": "juice-shop",
      "version": "11.1.2",
      "description": "Probably the most modern and sophisticated insecure web application",
      "licenses": [
        {
          "license": {
            "id": "MIT"
          }
        }
      ],
      "purl": "pkg:npm/juice-shop@11.1.2",
      "externalReferences": [
        {
          "type": "website",
          "url": "https://owasp-juice.shop"
        },
        {
          "type": "issue-tracker",
          "url": "https://github.com/bkimminich/juice-shop/issues"
        },
        {
          "type": "vcs",
          "url": "git+https://github.com/bkimminich/juice-shop.git"
        }
      ]
    }
  },
  "components": [
    {
      "type": "library",
      "bom-ref": "pkg:npm/body-parser@1.19.0",
      "name": "body-parser",
      "version": "1.19.0",
      "description": "Node.js body parsing middleware",
      :
      :
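To make the product-identification rule concrete, here is an added Python example (not SBOM Central's code, and not taken from the page) that reads a CycloneDX document, derives the product key from the group/name of metadata/component exactly as described above, and lists the dependency components that vulnerability matching would run against. The SBOM embedded in it is a constructed, cut-down document in the same shape as the Juice Shop example; the function names (load_bom, product_key, component_inventory) are the example's own.

```python
import json

# Constructed minimal CycloneDX 1.2 document in the shape shown above.
# It is illustrative only, not a real Juice Shop SBOM.
SAMPLE_BOM = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.2",
  "version": 1,
  "metadata": {
    "component": {
      "type": "library",
      "group": "npm",
      "name": "juice-shop",
      "version": "11.1.2",
      "purl": "pkg:npm/juice-shop@11.1.2"
    }
  },
  "components": [
    {"type": "library", "name": "body-parser", "version": "1.19.0",
     "purl": "pkg:npm/body-parser@1.19.0"},
    {"type": "library", "group": "@angular", "name": "core", "version": "9.1.0",
     "purl": "pkg:npm/%40angular/core@9.1.0"}
  ]
}"""


class SbomError(ValueError):
    """Raised when the document cannot be used to identify a product."""


def load_bom(text):
    """Parse the JSON and reject anything that is not a CycloneDX BOM."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise SbomError("not a CycloneDX document")
    return bom


def _key(component):
    """'group/name' when a group is present, otherwise just 'name'."""
    group = component.get("group")
    name = component["name"]
    return f"{group}/{name}" if group else name


def product_key(bom):
    """Return the group/name key identifying the product the SBOM describes.

    The product lives in metadata.component; a BOM without it cannot be
    attached to a product license, so that case is reported as an error
    rather than silently falling back to the first dependency.
    """
    component = (bom.get("metadata") or {}).get("component")
    if not component or not component.get("name"):
        raise SbomError("metadata.component with a name is required "
                        "to identify the product")
    return _key(component)


def component_inventory(bom):
    """Return (key, version, purl) for every listed dependency component."""
    return [(_key(c), c.get("version"), c.get("purl"))
            for c in bom.get("components", [])]


if __name__ == "__main__":
    bom = load_bom(SAMPLE_BOM)
    print("product:", product_key(bom))
    for key, version, purl in component_inventory(bom):
        print(f"  {key} {version} ({purl})")
```

Running it prints the product key npm/juice-shop followed by the two dependencies; a document with no metadata/component raises SbomError instead of being filed under the wrong product.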
Access to the User Manual and FAQ.
Basic Support + email support + an account in the SBOM Central Support Web with a Ticket Support System.