SBOM Quality

Hey SBOM enthusiasts 👋, These are common challenges faced by all SBOM authors. How can fields such as “NOASSERTION”, “NONE” be filled at a scale ? This issue is widespread because SBOM generation tools often have gaps and limitation. I do not blame any tool for this; it is beyond their capability, as these tools are primarily design to capture the dependencies of a software. SBOM generation depends on various factors, such as the programming language, the package manager used, the type of SBOM build( source build, build time or post build) and the information provided by the software author on their site. ...

Hey SBOM community, Love to see you back here learning something new. If you’re working with SBOMs, you probably know that generating SBOM is just a first step. What you get after generating SBOM is just a raw SBOM ? And the raw SBOM is incomplete, inaccurate sometime and most importantly not even comply with NTIA minimum element according to this research whitepaper. ...

Hey there 👋 SBOM practitioners, compliance engineers, and open-source watchers! If you’ve been working with SBOMs lately—whether you’re producing them or consuming them—you’ve probably noticed how quickly they’ve gone from “nice to have” to absolutely essential. I hope now your getting comfortable on working with SBOMs and familiar with software supply chain security terminologies. We all are well-known about the wake-up call on SBOMs, ...