What’s your current process for generating SBOMs?

Vice President in Banking, 3 years ago

As generating a software bill of materials (SBOM) typically involves using specialized tools or software to scan the codebase of the software and identify its components and dependencies, we are still establishing a formal process for recording and generating our SBOMs.

As the information can then be compiled into a detailed list or inventory, which is critical to us for various purposes, such as security analysis, compliance, and supply chain management, generating an SBOM for every new release of a component is our ultimate goal.

SVP & Director, IT Operations in Finance (non-banking), 3 years ago

We have yet to finalize a process; interested to hear and see what others do.

PMO – Engineering in Software, 3 years ago

Get a real-time inventory of all software components; discover affected software; review vulnerability findings; plan corrective actions.

Senior Director IT Architecture in Finance (non-banking), 3 years ago

We build them during the CI process and record them in the GRC and CMDB, then in the Artifactory location, which helps us keep track and identify drift.
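The two replies above describe the same loop: build an SBOM in CI, keep the recorded copy as the system of record, and compare each new build against it to spot drift and affected components. The script below is an added example, not something any commenter posted, showing what that comparison step can look like once a tool such as syft has emitted CycloneDX JSON. Both SBOMs and the advisory list are constructed inline (placeholder advisory id, made-up version threshold), and the advisory format is an assumption for illustration rather than any real feed's schema.

```python
"""Drift and exposure check between a recorded SBOM and a freshly built one.

Assumes CycloneDX JSON with a "components" list whose entries carry
"name", "version" and a package URL ("purl"). Sample data is constructed.
"""
import json


def version_tuple(v):
    """Turn '1.26.5' into (1, 26, 5) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


# Constructed sample: the SBOM recorded at the last release (the CMDB/GRC copy).
RECORDED_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "urllib3", "version": "2.0.7",
         "purl": "pkg:pypi/urllib3@2.0.7"},
        {"type": "library", "name": "pyyaml", "version": "6.0.1",
         "purl": "pkg:pypi/pyyaml@6.0.1"},
    ],
})

# Constructed sample: the SBOM the current CI build just produced.
BUILT_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "urllib3", "version": "1.26.5",
         "purl": "pkg:pypi/urllib3@1.26.5"},
        {"type": "library", "name": "cryptography", "version": "41.0.0",
         "purl": "pkg:pypi/cryptography@41.0.0"},
    ],
})

# Constructed advisory list: version-less purl -> [(advisory id, affected(version))].
# The id is a placeholder and the threshold is invented for the example.
ADVISORIES = {
    "pkg:pypi/urllib3": [
        ("ADV-PLACEHOLDER-1", lambda v: version_tuple(v) < (1, 26, 6)),
    ],
}


def components(sbom_json):
    """Map package identity (purl without the @version) -> version string."""
    doc = json.loads(sbom_json)
    out = {}
    for c in doc.get("components", []):
        purl = c.get("purl", f"pkg:generic/{c['name']}")
        out[purl.split("@", 1)[0]] = c.get("version", "")
    return out


def drift(recorded_json, built_json):
    """Added, removed and version-changed components between two SBOMs."""
    old, new = components(recorded_json), components(built_json)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted((k, old[k], new[k])
                          for k in set(old) & set(new) if old[k] != new[k]),
    }


def vulnerable(sbom_json, advisories=ADVISORIES):
    """Components whose version matches an advisory's affected predicate."""
    hits = []
    for base, ver in components(sbom_json).items():
        for adv_id, affected in advisories.get(base, []):
            if affected(ver):
                hits.append((base, ver, adv_id))
    return sorted(hits)


def needs_review(recorded_json, built_json):
    """CI gate: True when the build drifted or carries a flagged component."""
    d = drift(recorded_json, built_json)
    return bool(d["added"] or d["removed"] or d["changed"]) or bool(vulnerable(built_json))


if __name__ == "__main__":
    print(json.dumps(drift(RECORDED_SBOM, BUILT_SBOM), indent=2))
    print(vulnerable(BUILT_SBOM))
    print("needs review:", needs_review(RECORDED_SBOM, BUILT_SBOM))
```

Keying on the purl without its version is what lets a version change show up as "changed" rather than as one removal plus one addition; the same key is what an advisory feed would normally be matched on. In a real pipeline the recorded SBOM would be fetched from the artifact store and the advisory data from a scanner or feed, with the gate result deciding whether the release proceeds or goes to review.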

IT Director in Education, 3 years ago

We are still establishing a formal process for generating and recording our software bill of materials (SBOMs). This is relatively new, since it has been less than 2 years since the executive order was signed by the federal government. More to report in the future as we mature in our SBOM posture.
