A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
A software bill of materials[1] (SBOM) is a list of components in a piece of software. Software vendors often create products by assembling open source and commercial software components. The SBOM describes the components in a product.[2][3] It is analogous to a list of ingredients on food packaging: where you might consult a label to avoid foods that may cause an allergies, SBOMs can help companies avoid consumption of software that could harm their organization.
The concept of a BOM is well-established in traditional manufacturing as part of supply chain management.[4] A manufacturer uses a BOM to track the parts it uses to create a product. If defects are later found in a specific part, the BOM makes it easy to locate affected products.
- 💼 Official Projects
- 📂 Repositories
- 🗒️ Docs
- 📰 Blogs
- 🐾 Community Repositories
- 🗃️ Blogs and Articles
- 📹 Videos
- 📑 Slides
- 🎤 Podcasts
- Wikipedia - Official Wikipedia Page
- NTIA - Official National Telecommunications and Information Administration Page
- What is an SBOM? - The Linux Foundation Article
- CycloneDX Specification
- spdx-sbom-generator
- tern-tools/tern
- anchore/syft
- dlorenc/sbom-oci
- https://github.com/sigstore/cosign/blob/main/specs/SBOM_SPEC.md
- The Software Package Data Exchange® (SPDX®)
- ISO/IEC 5962 - SPDX® Specification
- ISO/IEC 5230:2020 - OpenChain Specification
- SPDX Spec
- SPDX: It’s Already in Use for Global Software Bill of Materials (SBOM)
- Software Bill Of Materials: Formats, Use Cases, and Tools
- Software Bill of Materials Required by 2021 Cyber Security Executive Order
- The world needs a software bill of materials
- What is a software bill of materials?
- Easily and Quickly Build an Accurate Open Source Inventory
- Create a Cybersecurity Bill of Materials
- What is an SBOM, and why should you Care??