## New Platform Streamlines Software Bill of Materials (SBOM) Management

Thu Sep 19 09:00:00 UTC 2024

**Munich, Germany** – A new platform, sbomify, has been launched to simplify the process of creating and sharing Software Bills of Materials (SBOMs). This comes at a time when regulatory demands for SBOMs are increasing due to concerns over software supply chain security.

SBOMs, which list the software components used in a product, are critical for identifying vulnerabilities and potential licensing issues. Traditional methods of sharing SBOMs have been inefficient and error-prone, leading to the development of sbomify.

“I found three distinct phases in the lifecycle of an SBOM: generation, distribution, and analysis. For both generation and analysis, there were a lot of tools available in the market. However, for the distribution phase, there wasn’t really anything out there that allowed a company like Screenly to continuously share SBOMs with customers,” explained Viktor Petersson, founder of Screenly and developer of sbomify.

sbomify offers a centralized platform for managing and distributing SBOMs. It integrates directly with CI/CD pipelines, automatically uploading the latest SBOM with each new software release. This provides stakeholders with real-time access to up-to-date information, eliminating manual updates and reducing the risk of outdated data.

“Think of it like statuspage.io, but for security artifacts,” Petersson added.

The platform also allows for inviting internal and external stakeholders to download the latest SBOMs. This approach streamlines the sharing process and ensures everyone has access to the necessary information.

sbomify is expected to be particularly beneficial for companies in regulated industries that are facing increasing pressure to comply with new regulations such as the US Executive Order 14028 and the EU’s Cyber Resilience Act, both of which mandate SBOMs for certain sectors.

Petersson also highlighted future plans for sbomify, including the automation of vendor and licensing information, integration with security and license audit tools, and the development of a hierarchical structure for managing multiple SBOMs in complex systems.

With its focus on streamlining SBOM management, sbomify provides a valuable tool for organizations looking to improve their software security posture and comply with evolving regulations. Early access to the platform is available through a Google form.
