Though some issues may be addressed by securing the underlying Kubernetes environment and its relevant attack surface, hardening the continuous integration and delivery (CI/CD) pipeline, or building a culture that significantly improves your organization's security posture, the complexity of OSS development exacerbates security and compliance risks. Given the need for increased visibility and transparency into proprietary and open-source dependencies within the software supply chain, software engineering teams need tools and development processes to systematically discover and manage multiple layers of dependencies and potentially vulnerable software packages.
The objective of this whitepaper is to help engineering teams understand and identify the core components and capabilities of SBOMs that address the many challenges introduced by the increased adoption of OSS across digital transformation and application modernization initiatives. In doing so, enterprises will be prepared to meet regulatory demands, such as those outlined in The White House EO, for comprehensive reporting and analysis of their software supply chain.