March 21, 2023 – San Jose, California – Deepfactor™, a leading developer security platform, today announced new capabilities to help businesses that develop software automatically create and manage Software Bill of Materials (SBOMs) as part of their Software Development Lifecycle (SDLC). These capabilities will enable businesses to improve supply chain security and comply with the June 2023 deadline set by the U.S. Federal Government.
In the 2023 Gartner® report ‘Innovation Insight for SBOMs’, Gartner analyst Dale Gardner writes: “SBOMs help organizations to determine if they are susceptible to security vulnerabilities previously identified in software components. These components could be internally developed, commercially procured or open-source software libraries.” He adds: “SBOMs generate and verify information about code provenance and relationships between components, which helps software engineering teams to detect malicious attacks during development (e.g., code injection) and deployment (e.g., binary tampering).”
As part of U.S. presidential Executive Order 14028, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) have issued guidance that requires organizations selling software to the U.S. Government to produce an SBOM for each software product. The European Union’s (EU) Cyber Resilience Act (CRA) will require all software sold in the EU to ship with an SBOM. Security-conscious private companies are also following suit and incorporating SBOMs into their software procurement processes to improve supply chain security.
“Whether it’s a government order, industry regulation, or customers demanding better supply chain security, it’s clear that software developers will need to start delivering SBOMs to their customers in 2023,” said Kiran Kamity, Founder and CEO, Deepfactor. “Deepfactor has been working with our customers to help them find and fix vulnerabilities in their software. Creating and managing SBOMs is a natural extension of the Deepfactor Developer Security platform.”
Deepfactor Developer Security 3.2 now includes the ability to produce, operationalize, and consume SBOMs at scale as part of the SDLC. Using the industry-standard CycloneDX and SPDX machine-readable formats, Deepfactor can automatically generate SBOMs when software builds are checked into code repositories. Unlike traditional tools that scan a single repository, Deepfactor automatically groups multiple software components into a complete application-level SBOM, while also maintaining the ability to view and download SBOMs at the component level. The Deepfactor portal provides a searchable and filterable human-readable interface to help security teams respond quickly to zero-day vulnerabilities, developers fix vulnerabilities, and customers verify the supply chain security of their software.
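To illustrate the two ideas above, aggregating component-level CycloneDX SBOMs into one application-level SBOM and then querying it during zero-day triage, here is an added Python example. It is not Deepfactor's code, and the application names, package names, versions and purls in it are constructed sample data.

```python
from collections import defaultdict

# Constructed component-level CycloneDX 1.4 SBOMs (sample data only, not real Deepfactor output).
def _lib(name, version):
    return {"type": "library", "name": name, "version": version,
            "purl": f"pkg:maven/com.acme/{name}@{version}"}

COMPONENT_SBOMS = [
    {"bomFormat": "CycloneDX", "specVersion": "1.4",
     "metadata": {"component": {"type": "container", "name": "payments-api", "version": "2.1.0"}},
     "components": [_lib("acme-logging", "1.4.1"), _lib("acme-json", "3.0.2")]},
    {"bomFormat": "CycloneDX", "specVersion": "1.4",
     "metadata": {"component": {"type": "container", "name": "web-frontend", "version": "5.7.0"}},
     "components": [_lib("acme-logging", "1.4.1"), _lib("acme-logging", "2.0.0")]},
]

def merge_sboms(app_name, app_version, component_sboms):
    """Aggregate per-component SBOMs into one application-level CycloneDX document:
    libraries are de-duplicated by purl and a dependency graph records which component pulls in what."""
    app_ref = f"{app_name}@{app_version}"
    components, dependencies = {}, defaultdict(set)
    for sbom in component_sboms:
        meta = sbom["metadata"]["component"]
        comp_ref = f"{meta['name']}@{meta['version']}"
        components[comp_ref] = {**meta, "bom-ref": comp_ref}
        dependencies[app_ref].add(comp_ref)           # application -> component
        for lib in sbom["components"]:
            components.setdefault(lib["purl"], {**lib, "bom-ref": lib["purl"]})
            dependencies[comp_ref].add(lib["purl"])   # component -> library
    return {
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "metadata": {"component": {"type": "application", "name": app_name,
                                   "version": app_version, "bom-ref": app_ref}},
        "components": list(components.values()),
        "dependencies": [{"ref": r, "dependsOn": sorted(d)} for r, d in sorted(dependencies.items())],
    }

def find_affected(app_sbom, name, version=None):
    """Zero-day triage: map each matching library purl to the component bom-refs that depend on it."""
    by_ref = {c["bom-ref"]: c for c in app_sbom["components"]}
    hits = defaultdict(list)
    for dep in app_sbom["dependencies"]:
        for target in dep["dependsOn"]:
            lib = by_ref[target]
            if lib["type"] == "library" and lib["name"] == name and version in (None, lib["version"]):
                hits[target].append(dep["ref"])
    return dict(hits)
```

Calling `find_affected(merge_sboms("storefront", "1.0.0", COMPONENT_SBOMS), "acme-logging", "1.4.1")` answers the zero-day question directly: which deployed components carry that exact library version.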
The Deepfactor Developer Security platform 3.2 is available immediately.
- Whitepaper – SBOM Security: Top 5 Reasons to Build SBOMs Into Your Pipeline
- On-Demand Webinar – Integrating SBOMs into Your SDLC By the Biden Executive Order June Deadline
- Blog – Deepfactor 3.2 Adds SBOM and Runtime Correlation for SCA To Help Customers Improve Supply Chain Security
- Executive Order 14028 – Improving the Nation’s Cybersecurity
- NIST – Software Supply Chain Security Guidance Under Executive Order 14028
- OMB Memorandum – Enhancing the Security of the Software Supply Chain through Secure Software Development Practices
Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.
Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing. For more information, visit www.Deepfactor.io and follow us on LinkedIn and Twitter.