Name
Keynote: What Are Clouds Made Of? SBOM and Code Transparency in Modern Applications
Time
3:15 PM - 4:00 PM (EDT)
Description

This talk gives an overview of an emerging expectation in software: that we should be able to track which libraries and dependencies we use. A “software bill of materials” (SBOM) is like a list of ingredients for software, or, more formally, “a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships.” We will introduce the concept and show how it is growing in importance across the software world, from simple apps to safety-critical domains such as healthcare and energy.
In the cloud native ecosystem, the dependency chain for infrastructure and applications runs far deeper: a containerized service carries the operating-system packages of its base image alongside its own application libraries and their transitive dependencies, which makes producing SBOMs at every step of development even more important. We’ll examine what a “dependency” looks like in a containerized application and in a cloud native application, and highlight some tools and methods that can be used to generate and distribute SBOMs for these applications.
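The following is an added example, not code from the talk or its speakers. It shows what the “hierarchical relationships” in an SBOM look like for a containerized application by walking a small, constructed CycloneDX 1.4 document for a hypothetical image (shop-api:1.0.0, a musl package from the base layer, a requests library and its transitive urllib3; all names and versions are made up). It also performs two checks a practitioner will want before trusting a generated SBOM: components the dependency graph references but the inventory never declares, and declared components the root never reaches.

```python
"""Walk a CycloneDX SBOM for a container image and report what the
dependency graph actually contains.  Added example: the SBOM below is
constructed by hand, not produced by any real tool or taken from a real image."""
import json
from collections import deque

# Constructed CycloneDX 1.4 document for a hypothetical image "shop-api:1.0.0".
# One OS package comes from the base image layer, one Python library from the
# application layer, and that library pulls in a transitive dependency.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {
        "component": {"type": "container", "name": "shop-api",
                      "version": "1.0.0", "bom-ref": "image:shop-api@1.0.0"},
    },
    "components": [
        {"type": "library", "name": "musl", "version": "1.2.4-r2",
         "purl": "pkg:apk/alpine/musl@1.2.4-r2",
         "bom-ref": "pkg:apk/alpine/musl@1.2.4-r2"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "bom-ref": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "urllib3", "version": "2.0.7",
         "purl": "pkg:pypi/urllib3@2.0.7",
         "bom-ref": "pkg:pypi/urllib3@2.0.7"},
    ],
    "dependencies": [
        {"ref": "image:shop-api@1.0.0",
         "dependsOn": ["pkg:apk/alpine/musl@1.2.4-r2", "pkg:pypi/requests@2.31.0"]},
        # certifi is referenced here but deliberately left out of "components"
        # to show how an incomplete inventory is caught.
        {"ref": "pkg:pypi/requests@2.31.0",
         "dependsOn": ["pkg:pypi/urllib3@2.0.7", "pkg:pypi/certifi@2023.7.22"]},
        {"ref": "pkg:pypi/urllib3@2.0.7", "dependsOn": []},
    ],
})


def load_sbom(text):
    """Parse the document and return (doc, root bom-ref, set of declared bom-refs)."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    root = doc.get("metadata", {}).get("component", {}).get("bom-ref")
    if root is None:
        raise ValueError("metadata.component.bom-ref missing: no root to walk from")
    declared = {c["bom-ref"] for c in doc.get("components", [])}
    declared.add(root)
    return doc, root, declared


def dependency_graph(doc):
    """Adjacency list: bom-ref -> list of bom-refs it depends on."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in doc.get("dependencies", [])}


def dependency_depths(text):
    """Breadth-first walk from the image: depth 1 is installed directly in the
    image, depth 2 and beyond is transitive.  Unknown refs are still visited so
    the depth report shows everything the graph claims."""
    doc, root, _ = load_sbom(text)
    graph = dependency_graph(doc)
    depths, queue = {root: 0}, deque([root])
    while queue:
        node = queue.popleft()
        for child in graph.get(node, []):
            if child not in depths:          # guards against cycles as well
                depths[child] = depths[node] + 1
                queue.append(child)
    return depths


def dangling_refs(text):
    """Refs used in the dependency graph that no component entry describes."""
    doc, _, declared = load_sbom(text)
    graph = dependency_graph(doc)
    referenced = set(graph) | {c for children in graph.values() for c in children}
    return sorted(referenced - declared)


def unreachable_components(text):
    """Declared components the root never reaches: inventory with no explanation
    of why it is in the image."""
    _, _, declared = load_sbom(text)
    return sorted(declared - set(dependency_depths(text)))


if __name__ == "__main__":
    for ref, depth in sorted(dependency_depths(SAMPLE_SBOM).items(), key=lambda kv: kv[1]):
        print(f"{'  ' * depth}{ref}")
    print("undeclared but referenced:", dangling_refs(SAMPLE_SBOM))
    print("declared but unreachable:", unreachable_components(SAMPLE_SBOM))
```

Run as a script it prints the image, then its direct dependencies indented one level and urllib3 and certifi two levels down, and flags certifi as referenced but undeclared. Real SBOMs emitted by image scanners are large, but the same two consistency checks apply unchanged to them; a generator that drops components while still emitting their dependency edges gives you exactly the gap this catches.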
Three takeaways:
1. What an SBOM is.
2. SBOM is coming to a corner of the software world near you, potentially as a government or customer requirement.
3. SBOMs are particularly relevant for cloud native software, and tools exist today to help you get started.

Speakers
Allan Friedman
Nisha Kumar