What is an SBOM (Software Bill of Materials)?

Understand why SBOMs are vital as part of covering your cloud estate and better securing your environments.

What is an SBOM?

An SBOM, or Software Bill of Materials, is the inventory of the software components and associated metadata that make up a software product. The need for an SBOM was codified in a bill approved in September 2022 by the US Senate Homeland Security and Governmental Affairs Committee, which aims to “improve the visibility, accountability, and oversight of agency software asset management practices.”

Essentially, the SBOM aims to streamline organizations’ use of third-party software components and better ensure their security to avoid software supply chain compromises.

Putting the SBOM into Practice in Your Cloud

SBOM Coverage of Your Cloud with Lightspin

We are excited to announce a new SBOM inventory feature for workloads scanned by our agentless workload scanning across AWS, Azure, and GCP. The relevant workloads are EC2 Instances (AWS), Virtual Machines (Azure), and Compute Engine instances (GCP).

Lightspin’s new capability collects the SBOM from the filesystem of every scanned workload. The packages are tracked over time and correlated with the vulnerabilities (CVEs) discovered for them.

The SBOM is available as an additional tab on the asset page in our Dashboard for each scanned workload. Packages can be searched through the tab’s search panel or exported in CycloneDX JSON format.

OWASP CycloneDX is a lightweight SBOM standard designed for use in application security contexts and supply chain component analysis.
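The package-to-CVE correlation described above, as an added Python example that is not Lightspin’s code: it parses a constructed CycloneDX 1.4 JSON SBOM, matches its components against a constructed vulnerability feed carrying placeholder CVE ids, and records the matches in the document’s own `vulnerabilities` array. The feed layout, package names, versions and ids are all assumptions made for the example.

```python
import json
# Constructed CycloneDX 1.4 JSON SBOM; the packages, versions and bom-refs are invented.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "bom-ref": "pkg:deb/debian/openssl@1.1.1n",
         "name": "openssl", "version": "1.1.1n",
         "purl": "pkg:deb/debian/openssl@1.1.1n"},
        {"type": "library", "name": "curl", "version": "7.74.0",
         "purl": "pkg:deb/debian/curl@7.74.0"},  # bom-ref deliberately absent
    ],
})
# Constructed vulnerability feed with placeholder identifiers (not real CVEs).
VULN_FEED = [
    {"id": "CVE-EXAMPLE-0001", "name": "openssl", "vulnerable": ["1.1.1n", "1.1.1o"]},
    {"id": "CVE-EXAMPLE-0002", "name": "openssl", "vulnerable": ["1.1.1n"]},
    {"id": "CVE-EXAMPLE-0003", "name": "curl", "vulnerable": ["7.74.0"]},
    {"id": "CVE-EXAMPLE-0004", "name": "libxml2", "vulnerable": ["2.9.10"]},
]

def load_cyclonedx(text):
    """Parse and sanity-check a CycloneDX JSON document before trusting it."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX" or "components" not in bom:
        raise ValueError("not a CycloneDX JSON SBOM")
    return bom

def component_ref(comp):
    # bom-ref is optional in CycloneDX; fall back to the purl so the component stays referenceable.
    return comp.get("bom-ref") or comp["purl"]

def correlate(bom, feed):
    """Add a CycloneDX 1.4 'vulnerabilities' array linking feed entries to affected components."""
    installed = {}
    for comp in bom["components"]:
        installed.setdefault((comp["name"], comp["version"]), []).append(component_ref(comp))
    vulns = []
    for entry in feed:
        refs = [r for v in entry["vulnerable"] for r in installed.get((entry["name"], v), [])]
        if refs:  # skip CVEs for packages that are not present in this SBOM
            vulns.append({"id": entry["id"], "affects": [{"ref": r} for r in refs]})
    return {**bom, "vulnerabilities": vulns}

def cves_by_component(bom):
    """Invert the correlation: component ref -> sorted CVE ids (the per-asset view)."""
    out = {component_ref(c): [] for c in bom["components"]}
    for vuln in bom.get("vulnerabilities", []):
        for affected in vuln["affects"]:
            out[affected["ref"]].append(vuln["id"])
    return {ref: sorted(ids) for ref, ids in out.items()}
```

Running `cves_by_component(correlate(load_cyclonedx(SAMPLE_SBOM), VULN_FEED))` gives the per-package view that a dashboard tab would show, with feed entries for packages absent from the SBOM dropped.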

Screenshot caption: clicking “Show More” displays the correlated vulnerabilities (CVEs).

Lightspin’s Cloud Native Application Protection Platform (CNAPP) provides real-time insights into risks across your entire cloud environment, scanning your multi-account and multi-cloud environments for complete visibility of your cloud estate.

Lightspin’s agentless solution provides a complete asset inventory and details the critical vulnerabilities discovered, using the Attack Path Engine at the core of its technology to surface the most critical risks and offer dynamic remediation recommendations.

To find out more about how Lightspin can help you achieve your cloud SBOM goals, start a free trial today.

*** This is a Security Bloggers Network syndicated blog from Lightspin Blog authored by Lightspin. Read the original post at: https://blog.lightspin.io/software-bill-of-materials
