• There are no suggestions because the search field is empty.

Automating SBOM Creation

How to quickly create an accurate Software Bill of Materials

Automating SBOM Creation
 
The rise in software supply chain attacks has prompted the US government and enterprises to require SBOMs as a standard practice

Why do you need a Software Bill of Materials (SBOM)?

Over 70% of applications use open-source software (OSS) components to speed up development, according to Gartner, which increases security and legal exposures. Organizations of all sizes now require an SBOM for any software delivered, such as described in the cybersecurity executive order by the US government. Anyone delivering software now needs to produce an SBOM with speed and accuracy.

What is a Software Bill of Materials (SBOM)

An Inventory of all components used to build a software
artifact or application, including all open source components.

  • Component details (version, release date, etc.)
  • Security vulnerabilities (CVEs) and criticality
  • Licenses and risk levels
  • Possible licensing conflicts
  • Transitive dependencies
  • Software weaknesses (CWEs)
  • Safer component version recommendations

See a sample SBOM

How do you automate SBOM creation?

CAST Highlight, a software intelligence product, plugs directly into source code repositories and analyzes applications in minutes, without disrupting developers. It performs Software Composition Analysis (SCA) of an application portfolio and automatically creates a full inventory of the 3rd party and Open Source components used within the codebase, including license versions. It highlights licensing exposures and security vulnerabilities as well as recommendations on the most critical remediations required. The SBOMs can be viewed and exported in Excel, Word, PPT, and CycloneDX.

How do you automate SBOM creation?

What if you want to read an already existing SBOM file?

Organizations often need to consume an existing SBOM received from an external source such as a software vendor. CAST Highlight also automatically reads an imported SBOM in CycloneDX format and generates all of the same SCA insights even if the application is not directly analyzed by CAST Highlight.

Try CAST Highlight

Learn best practices for automating SBOMs from Broadridge

New, simpler approach for Open-Source risk management
 
Broadridge Manages Open Source Risk with Control Tower powered by CAST Highlight
 
Case study
Broadridge

What Our Clients Experienced