Learn more about software transparency and the role of SBOMs in your organization.
A complete and accurate inventory of all first-party and third-party components is essential for risk identification. A Software Bill of Materials (SBOM) is a document that provides transparency into the software components of an application.
SBOMs should ideally contain all direct and transitive components and the dependency relationships between them. They should also contain metadata associated with each of these components.
For software producers
Software producers, meaning those who create and sell software, need to be able to provide software transparency to their customers by supplying an SBOM on request. Doing so shortens sales cycles, establishes trust and, in some cases, satisfies a regulatory or business requirement.
A Vulnerability Exploitability eXchange (VEX) document conveys the potential risks associated with components that have known vulnerabilities within the specific context of the product.
Software producers may need to provide, upon request, a justification for each known vulnerability in a component they ship, stating whether and how it affects the application they sell.
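As an added example (not code from the original page or from any particular SBOM tool), the script below shows what a consumer does with the two documents described above: it parses a CycloneDX-style SBOM, walks the dependency graph to find which components are direct and which are transitive, then overlays a CycloneDX VEX document to decide, per known vulnerability, whether the producer's statement means "fix", "closed" or "still needs triage". The SBOM and VEX contents are constructed for this example; every bom-ref, component name, version, purl and vulnerability id (EXAMPLE-000x) is a placeholder, and the analysis states and justifications used are the ones CycloneDX defines.

```python
import json
from collections import deque

# Constructed CycloneDX-style SBOM for a hypothetical product "acme-app".
# Every bom-ref, name, version and purl below is made up for this example.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app", "type": "application",
                               "name": "acme-app", "version": "2.0.0"}},
    "components": [
        {"bom-ref": "web", "type": "library", "name": "acme-web", "version": "1.4.2",
         "purl": "pkg:maven/com.example/acme-web@1.4.2"},
        {"bom-ref": "json", "type": "library", "name": "jsonlib", "version": "3.1.0",
         "purl": "pkg:maven/com.example/jsonlib@3.1.0"},
        {"bom-ref": "log", "type": "library", "name": "loglib", "version": "0.9.7",
         "purl": "pkg:maven/com.example/loglib@0.9.7"},
        # Listed in the inventory but never referenced by the dependency graph.
        {"bom-ref": "orphan", "type": "library", "name": "orphan", "version": "1.0.0",
         "purl": "pkg:maven/com.example/orphan@1.0.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["web"]},
        {"ref": "web", "dependsOn": ["json", "log"]},
        {"ref": "json", "dependsOn": []},
        {"ref": "log", "dependsOn": []},
    ],
})

# Constructed CycloneDX VEX for the same product. Vulnerability ids are
# placeholders, not real CVEs.
VEX_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "affects": [{"ref": "json"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable",
                      "detail": "The vulnerable deserializer is never called."}},
        {"id": "EXAMPLE-0002", "affects": [{"ref": "log"}],
         "analysis": {"state": "exploitable",
                      "detail": "Untrusted request headers reach the vulnerable formatter."}},
        {"id": "EXAMPLE-0003", "affects": [{"ref": "json"}],
         "analysis": {"state": "in_triage"}},
        # A dismissal with no justification: the consumer should not accept it as-is.
        {"id": "EXAMPLE-0004", "affects": [{"ref": "orphan"}],
         "analysis": {"state": "not_affected"}},
    ],
})

# CycloneDX analysis states that close a finding from the producer's point of view.
CLOSED_STATES = {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}


def load_document(text):
    """Parse a CycloneDX JSON document (SBOM or VEX) into a dict."""
    return json.loads(text)


def component_index(sbom):
    """Map bom-ref -> component, including the root component from metadata."""
    index = {c["bom-ref"]: c for c in sbom.get("components", [])}
    root = sbom.get("metadata", {}).get("component")
    if root:
        index[root["bom-ref"]] = root
    return index


def transitive_dependencies(sbom, root_ref):
    """Breadth-first walk of the dependency graph from root_ref.

    Returns {bom-ref: depth}: depth 1 is a direct dependency, larger values are
    transitive. Unreachable components are absent; cycles terminate because each
    ref is expanded only once."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    depth = {}
    queue = deque((child, 1) for child in graph.get(root_ref, []))
    while queue:
        ref, d = queue.popleft()
        if ref in depth:
            continue
        depth[ref] = d
        queue.extend((child, d + 1) for child in graph.get(ref, []))
    return depth


def triage_with_vex(sbom, vex, root_ref):
    """Overlay VEX analysis on the SBOM inventory and dependency depth.

    action: "fix" (exploitable in this product), "closed" (resolved, false
    positive, or not_affected with a justification), or "triage" (still in
    triage, or a not_affected claim without a justification). depth is None for
    components that are in the inventory but not reachable from the root."""
    comps = component_index(sbom)
    depth = transitive_dependencies(sbom, root_ref)
    findings = []
    for vuln in vex.get("vulnerabilities", []):
        analysis = vuln.get("analysis", {})
        state = analysis.get("state", "in_triage")
        if state == "exploitable":
            action = "fix"
        elif state in CLOSED_STATES and (state != "not_affected" or analysis.get("justification")):
            action = "closed"
        else:
            action = "triage"
        for target in vuln.get("affects", []):
            comp = comps.get(target["ref"], {})
            findings.append({"id": vuln["id"], "ref": target["ref"],
                             "component": f'{comp.get("name", "?")}@{comp.get("version", "?")}',
                             "depth": depth.get(target["ref"]), "state": state,
                             "justification": analysis.get("justification"), "action": action})
    order = {"fix": 0, "triage": 1, "closed": 2}
    return sorted(findings, key=lambda f: (order[f["action"]], f["id"]))


if __name__ == "__main__":
    for f in triage_with_vex(load_document(SBOM_JSON), load_document(VEX_JSON), "app"):
        print(f'{f["action"]:7}{f["id"]}  {f["component"]}  depth={f["depth"]}  state={f["state"]}')
```

Two checks in the script are the ones a consumer should insist on: a `not_affected` statement without one of the CycloneDX justifications is not accepted as closed, and a component that appears in the inventory but is unreachable from the root is surfaced (depth `None`) rather than silently trusted, since an SBOM that lists what was never linked, or omits what was, is exactly the inventory error this page warns about.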
For software consumers
Software consumers, or those who use software, need to understand their software inventory holistically. This includes both the software that they create and the software that they purchase.
Learn more about software transparency and the role of importing SBOMs in your organization.