SBOM & SPDX: Why Suppliers Need Both
In today’s software supply chain landscape, transparency is no longer optional; it is a baseline expectation. If you are a supplier, chances are high that a ...
SBOM Management Explained
A software bill of materials is central to governance, compliance, and security workflows.
A software bill of materials (SBOM) is a list of software components in a product. It is foundational for governance, license compliance, and vulnerability management.
Ship It Right: A Fun but Serious Guide to Software Distribution Best Practices (with a Little Help from SCA)
Distributing Software: More Crucial Than Cool Distributing software might not be as glamorous as launching the next AI revolution or inventing teleportation—...
Understanding SPDX: Strengthening Trust in the Software Supply Chain
As modern software systems grow increasingly complex and globally interconnected, understanding the components within these systems is critical for managing ...
Basic SBOM Requirements
A software bill of materials (SBOM) captures which code components are included in a software. There are two original uses: Customers in a supply chain often...
Software Composition Analysis
Software composition analysis (SCA) is the analysis of your project or product’s source code to identify the component structure of the software, also known ...
The Dependency Graph
The process of creating a software bill of materials (SBOM) is called software composition analysis (SCA). A software composition analysis first creates the ...
The Software Bill of Materials
A bill of materials (BOM) is a list of components (“materials”) that make up some artifact. A software bill of materials (SBOM) is a bill of materials where ...
Types and Uses of SBOMs
The original and still primary use of a software bill of materials (SBOM) is to list what components are included in a software when provided to a customer. ...
Working with SCA Tools
Software composition analysis is a tool-based process that cannot be fully automated. A SCA tool expects or downloads a hierarchical structure of all relevan...