New Foundations of SBOM Are Underway at OpenSSF - Adolfo García Veytia, Stacklok

  • Published 21 Sep 2024
    SBOM adoption has been undermined by competing standards, loose interpretation of specs, software naming, and variance in the available tooling. To remediate these problems, several projects are under development in the OpenSSF. These projects aim to become the building blocks of a new SBOM ecosystem. We envision a future where the fundamental tasks to work with SBOMs and their data are handled by end-user tools, while code is available to any application that needs to work with SBOM.

    - At the base, protobom aims to solve SBOM I/O and data handling in applications.
    - sbomit is under development to solve the issue of trust and verification.
    - bomctl will provide a CLI that lets users handle basic SBOM operations like visualization, merging, etc.

    During this talk, we will give a brief overview of these building blocks and explore how they are already helping other projects in the OpenSSF and SBOM ecosystem, such as OpenVEX, solve their SBOM needs. Finally, we will discuss the next steps for the SBOM ecosystem by taking a look at the next set of problems waiting for a solution.
