Merged
22 changes: 19 additions & 3 deletions reference/docs-conceptual/learn/security-features.md
@@ -1,6 +1,6 @@
---
description: PowerShell has several features designed to improve the security of your scripting environment.
ms.date: 10/27/2021
ms.date: 11/10/2021
title: PowerShell security features
---
# PowerShell security features
Expand Down Expand Up @@ -34,8 +34,8 @@ For more information, see the following articles:

## Constrained language mode

**ConstrainedLanguage** mode protects your system by limiting the cmdlets and .NET types that can be used
in a PowerShell session. For a full description, see [about_Language_Modes][lang-modes].
**ConstrainedLanguage** mode protects your system by limiting the cmdlets and .NET types that can be
used in a PowerShell session. For a full description, see [about_Language_Modes][lang-modes].

## Application Control

Expand Down Expand Up @@ -89,6 +89,21 @@ The table below outlines the features that meet the servicing criteria and those
- PowerShell 7.2 now disallows scripts from using COM objects in AppLocker system lock down
conditions. Cmdlet that use COM or DCOM internally are not affected.

## Software Bill of Materials (SBOM)

Beginning with PowerShell 7.2, all install packages contain a Software Bill of Materials (SBOM). The
SBOM is found at `$PSHOME/_manifest/spdx_2.2/manifest.spdx.json`. The creation and publishing of the
SBOM is the first step to modernize Federal Government cybersecurity and enhance software supply
chain security.

The PowerShell team is also producing SBOMs for modules that they own but ship separately from
PowerShell. SBOMs will be added in the next release of the module. For modules, the SBOM is
installed in the module's folder under
`_manifest/spdx_2.2/manifest.spdx.json`.

For more information about this initiative, see the blog post
[Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft][sbomblog].

<!-- link references -->
[applocker]: /windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker
[availability]: /windows/security/threat-protection/windows-defender-application-control/feature-availability
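Review bot: In the new SBOM section, "SBOMs will be added in the next release of the module" is relative to the date of writing and will go stale; either name the modules or state that each module carries an SBOM starting with its first release after this change. In the first paragraph, "is the first step to modernize Federal Government cybersecurity" never says which initiative is meant, even though the closing paragraph refers to "this initiative"; name it once or tie the sentence to the linked blog post. The section also gives the manifest path `$PSHOME/_manifest/spdx_2.2/manifest.spdx.json` without saying what a reader is expected to do with the file, so a sentence on its intended use would make the path actionable.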
Expand All @@ -100,3 +115,4 @@ The table below outlines the features that meet the servicing criteria and those
[logging]: /powershell/module/microsoft.powershell.core/about/about_group_policy_settings#turn-on-module-logging
[mssec]: https://www.microsoft.com/msrc/windows-security-servicing-criteria
[WDAC]: /windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
[sbomblog]: https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/
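Review bot: `[sbomblog]` is appended after `[WDAC]`, while the visible link references above it run in alphabetical order (`[logging]`, `[mssec]`, `[WDAC]`); placing the new entry between `[mssec]` and `[WDAC]` keeps the list sorted and easier to scan.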