SBOM Compliance Series (Part 4): Understanding BSI TR-03183-2 v2.0, 🇩🇪 Germany Compliance
Overview

This is the fourth part of our SBOM compliance series. In the previous post, we discussed BSI TR-03183-2 v1.1, Germany’s SBOM compliance framework, and how to validate your SBOM using sbomqs. In this post, we will discuss BSI TR-03183-2 v2.0, the updated version released in September 2024: what changed, what it now expects from an SBOM, and how to check compliance. Let’s go.

Context

🇩🇪 Germany’s Federal Office for Information Security (BSI) released version 2.0.0 of TR-03183-2 on 2024-09-20. This is a significant update, not just a clarification pass. v2.0 adds new required fields, introduces a brand new optional tier, and tightens the language around vulnerability information. ...