Software Bill of Materials

What do the NSA, NASA, Microsoft, AT&T, McDonald’s, Volvo, and Credit Suisse have in common?

They are just a few of the 18,000 companies and agencies on the client roster of SolarWinds, the company at the center of the largest software supply chain attack in history.

While attacks against the software supply chain aren’t new, the SolarWinds attack has caused a flurry of new regulations aimed at protecting government agencies, critical infrastructure, and private sector companies from similar attacks.

What Are SBOMs and Why Do They matter?

SBOMs are a formal, machine-readable inventory of software components and dependencies. They’re designed to track the details and supply chain relationships of software components, their dependencies, and their hierarchal relationships.

The purpose of SBOMs is to provide transparency into the components that make up software so that vulnerabilities can be tracked and fixed.

The SolarWinds attack served as a catalyst for President Biden, who tasked the National Institute of Standards and Technology (NIST) with developing a plan to protect the software supply chain as a critical component of the country’s cybersecurity posture.

The result is that SBOMs are required for any software that:

  • Runs with elevated privilege or manages privileges
  • Has direct or privileged access to networking or computing resources
  • Controls access to data or operational technology
  • Performs a function critical to trust
  • Operates outside of normal trust boundaries with privileged access

White Paper

The Importance of SBOMs in Protecting the Software Supply Chain

What is included in the SBOM produced by Mend SCA?

Mend SCA enables you to quickly and easily generate SBOMs that:

  • Identify all open source libraries
  • Track and document each component, including direct and transitive dependencies
  • Update automatically when components change
  • Identify vulnerabilities
  • Provide a path to remediation that ensures updates are backward compatible and won’t break the build

Generate a Detailed SBOM Within Minutes