Yes Virginia, SBOM is real.
image credit: OWASP CycloneDX project
- May 5, 2021 1:32 pm GMT / May 5, 2021 2:01 pm GMT
The proficient and highly productive software engineers developing and supporting the NTIA-supported CycloneDX SBOM standard within OWASP have announced the release of version 1.3, with some cool new features that will help improve software supply chain verification, along with a plethora of tools to help implement SBOM now. Here are a few noteworthy features of this release:
The inventory of components, services, and their relationships to one another can be described using compositions.
Properties / name-value store:
The CycloneDX standard is fully extensible, allowing complex data that is not provided by the core specification to be represented in the SBOM.
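To show how a consumer might use the two features above during supply chain verification, here is an added example (not code from this post or from the CycloneDX project) that reads a constructed CycloneDX 1.3 JSON BOM, reports the completeness each composition claims for a component, and reads component properties. The BOM contents, the `example:` property names, and the function names are assumptions made for illustration.

```python
import json

# Constructed CycloneDX 1.3 JSON BOM (sample data, not from the original post).
# The "example:" property names are hypothetical.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "version": 1,
  "components": [
    {"type": "application", "bom-ref": "app", "name": "acme-app", "version": "1.0.0",
     "properties": [{"name": "example:build-pipeline", "value": "release"}]},
    {"type": "library", "bom-ref": "lib-a", "name": "lib-a", "version": "2.1.0"},
    {"type": "library", "bom-ref": "lib-b", "name": "lib-b", "version": "0.9.3",
     "properties": [{"name": "example:reviewed", "value": "false"}]}
  ],
  "compositions": [
    {"aggregate": "complete", "assemblies": ["app"]},
    {"aggregate": "incomplete", "assemblies": ["lib-a"]}
  ]
}
""")

def completeness_by_ref(bom):
    """Map each component bom-ref to the aggregate its composition claims."""
    claimed = {}
    for comp in bom.get("compositions", []):
        for ref in comp.get("assemblies", []) + comp.get("dependencies", []):
            claimed[ref] = comp["aggregate"]
    # Assumption of this example: a component named by no composition is
    # reported as "not_specified", i.e. no completeness claim was made for it.
    return {c["bom-ref"]: claimed.get(c["bom-ref"], "not_specified")
            for c in bom.get("components", []) if "bom-ref" in c}

def needs_review(bom):
    """Refs whose inventory is not asserted complete, sorted for stable output."""
    return sorted(r for r, a in completeness_by_ref(bom).items() if a != "complete")

def properties_of(bom, ref):
    """Return a component's name-value properties (last value wins on repeats)."""
    for c in bom.get("components", []):
        if c.get("bom-ref") == ref:
            return {p["name"]: p["value"] for p in c.get("properties", [])}
    return {}

if __name__ == "__main__":
    for ref, agg in completeness_by_ref(SAMPLE_BOM).items():
        print(ref, agg, properties_of(SAMPLE_BOM, ref))
    print("needs review:", needs_review(SAMPLE_BOM))
```
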