SBOM Starter Kit

SBOMs (software bill of materials) have become an important tool in a range of software supply chain management activities. They can be used to strengthen software supply chain security, support open source license compliance, satisfy regulatory compliance requirements, fulfill customer requests, and more.

Given the complexity of modern applications, running an effective SBOM program requires the right mix of practices, processes, and tooling. Our SBOM Starter Kit is a curated collection of resources designed to help organizations get up and running, with a focus on:

Structuring SBOM documents: Get an overview of the minimum required SBOM elements outlined in the U.S. federal government’s 2021 cybersecurity executive order
Evaluating SBOM formats: Explore CycloneDX and SPDX, the two most popular machine-readable bill of materials specifications
Managing SBOM essentials: Learn how to use FOSSA to generate, import, manage, and distribute SBOMs