Software Bill of Materials (SBOM)

What do the NSA, NASA, Microsoft, AT&T, McDonald’s, Volvo, and Credit Suisse have in common?

They are just a few of the roughly 18,000 SolarWinds customers who installed the trojanized Orion update at the center of what is widely regarded as the largest software supply chain attack in history.

While attacks against the software supply chain aren’t new, the SolarWinds attack has caused a flurry of new regulations aimed at protecting government agencies, critical infrastructure, and private sector companies from similar attacks.

What Are SBOMs and Why Do They Matter?

An SBOM is a formal, machine-readable inventory of the components that make up a piece of software. It records each component's identity (name, version, supplier) and the dependency relationships between components, direct and transitive, so the hierarchy of what the software actually contains can be reconstructed from the document.

The purpose of an SBOM is to provide transparency into those components so that vulnerable ones can be found, tracked, and fixed wherever they appear in the dependency tree.

The SolarWinds attack was the catalyst for President Biden's Executive Order 14028 on Improving the Nation's Cybersecurity (May 2021), which tasked the National Institute of Standards and Technology (NIST) with publishing guidance to protect the software supply chain as a critical component of the country's cybersecurity posture.

NIST's resulting definition of "critical software", the software the order's supply chain requirements (SBOMs among them) apply to first, covers any software that:

  • Runs with elevated privilege or manages privileges
  • Has direct or privileged access to networking or computing resources
  • Controls access to data or operational technology
  • Performs a function critical to trust
  • Operates outside of normal trust boundaries with privileged access

What Are the Benefits of Using Mend SBOM?

Mend SBOM focuses on open source code, since open source components make up the bulk of a modern application's dependency tree and are where attackers concentrate their search for exploitable vulnerabilities.

Mend SBOM enables you to quickly and easily generate SBOMs that:

  • Identify all open source libraries
  • Track and document each component, including direct and transitive dependencies
  • Update automatically when components change
  • Identify vulnerabilities
  • Provide a path to remediation that favors updates which are backward compatible and won't break the build
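The two things an SBOM is for, as described above (an inventory with direct and transitive dependency relationships) and as listed in the feature set (identify each component, track transitive dependencies, identify vulnerabilities), can be shown concretely on a small CycloneDX-shaped document. The following is an added example and is not Mend SBOM's code or any Mend API: it parses a constructed CycloneDX 1.4-style SBOM, walks the dependency graph to separate direct from transitive components, matches each against a constructed advisory list, and reports the path by which each vulnerable transitive dependency was pulled in. The package names are hypothetical, the advisory identifiers are placeholders rather than real vulnerability IDs, and one dependency edge deliberately points at a component the inventory never declares, to show the completeness check a practitioner would want.

```python
"""Walk a CycloneDX-style SBOM, separate direct from transitive dependencies,
and match each component against an advisory list.

Added example, not Mend SBOM's code. The SBOM document, the package names
and the advisory list are constructed for this demonstration; the advisory
identifiers are placeholders, not real vulnerability IDs.
"""
import json
from collections import deque

# Constructed CycloneDX 1.4-shaped SBOM for a hypothetical application.
# One dependency edge (httpkit -> idnalib) deliberately points at a component
# the inventory never declares, to exercise the consistency check below.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app@1.0.0", "type": "application",
                               "name": "app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:pypi/webframe@2.3.1", "type": "library", "name": "webframe", "version": "2.3.1"},
        {"bom-ref": "pkg:pypi/httpkit@1.9.0", "type": "library", "name": "httpkit", "version": "1.9.0"},
        {"bom-ref": "pkg:pypi/tlsutil@0.4.2", "type": "library", "name": "tlsutil", "version": "0.4.2"},
        {"bom-ref": "pkg:pypi/yamlparse@5.1.0", "type": "library", "name": "yamlparse", "version": "5.1.0"},
    ],
    "dependencies": [
        {"ref": "app@1.0.0", "dependsOn": ["pkg:pypi/webframe@2.3.1", "pkg:pypi/yamlparse@5.1.0"]},
        {"ref": "pkg:pypi/webframe@2.3.1", "dependsOn": ["pkg:pypi/httpkit@1.9.0"]},
        {"ref": "pkg:pypi/httpkit@1.9.0", "dependsOn": ["pkg:pypi/tlsutil@0.4.2", "pkg:pypi/idnalib@3.0.0"]},
        {"ref": "pkg:pypi/tlsutil@0.4.2", "dependsOn": []},
        {"ref": "pkg:pypi/yamlparse@5.1.0", "dependsOn": []},
    ],
})

# Constructed advisory feed. Real feeds express affected version ranges;
# exact-version matching is a simplification that keeps the example short.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "name": "tlsutil", "affected": "0.4.2", "fixed_in": "0.4.3"},
    {"id": "EXAMPLE-0002", "name": "yamlparse", "affected": "5.1.0", "fixed_in": "5.1.1"},
]


def load_sbom(text):
    """Parse the document into (root ref, {ref: component}, {ref: [child refs]})."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    root = sbom["metadata"]["component"]["bom-ref"]
    components = {c["bom-ref"]: c for c in sbom.get("components", [])}
    graph = {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}
    return root, components, graph


def walk(root, graph):
    """Breadth-first walk from the root. Returns ({ref: depth}, {ref: parent});
    depth 1 is a direct dependency, anything deeper is transitive. Each ref is
    visited once, so a cycle in the graph cannot loop forever."""
    depth, parent = {root: 0}, {root: None}
    queue = deque([root])
    while queue:
        ref = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depth:
                depth[child] = depth[ref] + 1
                parent[child] = ref
                queue.append(child)
    return depth, parent


def path_to(parent, ref):
    """Chain of refs from the root down to ref: explains how a transitive
    dependency was pulled in, which is what you need to decide where to fix it."""
    path = [ref]
    while parent[ref] is not None:
        ref = parent[ref]
        path.append(ref)
    return list(reversed(path))


def undeclared_refs(root, components, graph):
    """Refs that appear in the dependency graph but not in the component list.
    An SBOM with these is incomplete: nothing can be said about those packages."""
    mentioned = set(graph)
    for children in graph.values():
        mentioned.update(children)
    return mentioned - set(components) - {root}


def find_vulnerable(root, components, graph, advisories):
    """Match every reachable component against the advisories, nearest first."""
    depth, parent = walk(root, graph)
    by_name = {}
    for adv in advisories:
        by_name.setdefault(adv["name"], []).append(adv)
    findings = []
    for ref, d in sorted(depth.items(), key=lambda kv: kv[1]):
        comp = components.get(ref)
        if d == 0 or comp is None:  # skip the root and undeclared refs
            continue
        for adv in by_name.get(comp["name"], []):
            if comp["version"] == adv["affected"]:
                findings.append({
                    "ref": ref, "advisory": adv["id"], "fixed_in": adv["fixed_in"],
                    "kind": "direct" if d == 1 else "transitive",
                    "path": " -> ".join(path_to(parent, ref)),
                })
    return findings


if __name__ == "__main__":
    root, components, graph = load_sbom(SAMPLE_SBOM)
    for f in find_vulnerable(root, components, graph, ADVISORIES):
        print(f"{f['kind']:10} {f['advisory']} fixed in {f['fixed_in']}: {f['path']}")
    for ref in sorted(undeclared_refs(root, components, graph)):
        print(f"undeclared  {ref}")
```

Run as a script, it reports the direct finding in yamlparse first, then the transitive finding in tlsutil together with the chain app, webframe, httpkit, tlsutil that brought it in, and finally the undeclared idnalib reference. The breadth-first walk is what turns a flat component list into the direct-versus-transitive distinction, and the path is what tells an engineer whether the fix is a version bump in their own manifest or an upstream change in webframe.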

Generate a Detailed SBOM Within Minutes