A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
From Wikipedia:
A software bill of materials (SBOM) is a list of components in a piece of software. Software vendors often create products by assembling open source and commercial software components. The SBOM describes the components in a product. It is analogous to a list of ingredients on food packaging: where you might consult a label to avoid foods that may cause an allergies, SBOMs can help companies avoid consumption of software that could harm their organization.
The concept of a BOM is well-established in traditional manufacturing as part of supply chain management. A manufacturer uses a BOM to track the parts it uses to create a product. If defects are later found in a specific part, the BOM makes it easy to locate affected products.
- 💼 Official Projects
- 📂 Repositories
- 🗒️ Docs
- 📰 Blogs
- 🐾 Community Repositories
- 🗃️ Blogs and Articles
- 📹 Videos
- 📑 Slides
- 🎤 Podcasts
- Wikipedia - Official Wikipedia Page
- NTIA - Official National Telecommunications and Information Administration Page
- What is an SBOM? - The Linux Foundation Article
- CycloneDX Specification
- CycloneDX/cyclonedx-maven-plugin
- spdx-sbom-generator
- tern-tools/tern
- anchore/syft
- dlorenc/sbom-oci
- Cosign SBOM Spec
- microsoft/sbom-tool
- SwiftBOM - generate SBOMs
- Kubernetes SBOM Tool
- CycloneDX BOM Examples
- Aqua Trivy
- bomber
- The Software Package Data Exchange® (SPDX®)
- ISO/IEC 5962 - SPDX® Specification
- ISO/IEC 5230:2020 - OpenChain Specification
- SPDX Spec
- SPDX: It’s Already in Use for Global Software Bill of Materials (SBOM)
- bomber - bomber is an application that scans SBoMs for security vulnerabilities.
- Software Bill Of Materials: Formats, Use Cases, and Tools
- Software Bill of Materials Required by 2021 Cyber Security Executive Order
- The world needs a software bill of materials
- What is a software bill of materials?
- Easily and Quickly Build an Accurate Open Source Inventory
- Create a Cybersecurity Bill of Materials
- What is an SBOM, and why should you Care??
- Are you ready with your SBOM ? Think again !
- Nisha Kumar and Allan Friedman - RSAC DevOps connect keynote
- Rose Judge on using Tern to generate a SBoM for containers
- Creating a Software Supply Chain Landscape
- Analysis of a spdx-sbom-generator generated SBOM
- Creating an SBOM for a golang app using spdx-sbom-generator
- Analysis of a cyclonedx-gomod generated SBOM
- Creating an SBOM for a golang app using cyclonedx-gomod
- What an SBOM Can Do for You
- BOM 101 – All the questions you were afraid to ask Software Bill of Materials
- Mentorship Session: Generating Software Bill Of Materials
- Software Bill of Materials: How to generate an SBOM from container images using Syft
- SwiftBOM - generate SBOMs for PoC efforts and demos
- Kubernetes Atlanta Meetup - Nov 2021 - SBOMs Container Signing and Verification, Intro to Gatekeeper
None yet, please contribute!