SBOM Manager


SBOM (Software Bill of Materials) scanning involves analyzing the components and dependencies of a software application to identify potential security vulnerabilities and license and compliance issues. SBOMs are typically provided by third parties as a way to identify what components their software relies on. SOOS has been stress tested to manage tens of thousands of SBOMs, and automatically links complex external SBOM references (dependencies between SBOM documents) for a unified view of your SBOM inventory.

  • SBOM Document Analysis: SOOS inspects CycloneDX or SPDX SBOMs to identify the software and packages contained within the document.
  • Dependency Tree Creation: After identifying directly referenced software and packages, SOOS’s patented dependency resolution builds the full dependency tree and catalogs introduction paths.
  • Vulnerability Matching: Using the full set of packages and dependencies, SOOS matches packages to vulnerabilities. SOOS will call out whether each vulnerability is: in the SBOM and found by SOOS, in the SBOM but not found by SOOS, or not in the SBOM but found by SOOS.
  • License Matching: Using the full set of packages and dependencies, SOOS matches packages to licenses.
  • Governance Policies: SOOS’s suite of governance policies may be run against the packages and licenses which were identified.
  • Issue Creation: Issues are created for any vulnerabilities, governance policies, unknown packages, and more.
  • Report Generation: Reports for each SBOM are created and accessible via the SOOS Developer, Legal, Security, and Compliance dashboards.
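To make the pipeline above concrete, here is an added example (not SOOS code, and not the product's algorithm) that walks a small constructed CycloneDX JSON SBOM through the same stages: parse the components, build the dependency tree with introduction paths from the root component, reconcile the vulnerabilities declared inside the document against a stand-in scanner database to produce the three buckets described under Vulnerability Matching, and apply a simple license deny-list as a governance policy. The SBOM contents, the scanner database, the `EXAMPLE-*` identifiers and the denied-license set are all constructed placeholders.

```python
import json
from collections import deque

# Constructed CycloneDX-style JSON SBOM used as sample input (not from the page).
# "bom-ref" values tie the components, dependencies and vulnerabilities sections together.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "name": "example-app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:npm/web-framework@2.1.0", "name": "web-framework", "version": "2.1.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "pkg:npm/http-parser@0.9.1", "name": "http-parser", "version": "0.9.1",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "pkg:npm/yaml-loader@1.2.3", "name": "yaml-loader", "version": "1.2.3",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:npm/web-framework@2.1.0", "pkg:npm/yaml-loader@1.2.3"]},
        {"ref": "pkg:npm/web-framework@2.1.0", "dependsOn": ["pkg:npm/http-parser@0.9.1"]},
    ],
    # Vulnerabilities the SBOM supplier chose to disclose inside the document.
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "affects": [{"ref": "pkg:npm/http-parser@0.9.1"}]},
        {"id": "EXAMPLE-0002", "affects": [{"ref": "pkg:npm/web-framework@2.1.0"}]},
    ],
})

# Constructed stand-in for the scanner's own vulnerability database, keyed by
# (name, version). The identifiers are placeholders, not real advisories.
SCANNER_DB = {
    ("http-parser", "0.9.1"): {"EXAMPLE-0001"},
    ("yaml-loader", "1.2.3"): {"EXAMPLE-0003"},
}

# Constructed governance policy: license identifiers that should raise an issue.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


def parse_sbom(text):
    """Read a CycloneDX JSON SBOM into (root_ref, components, edges, declared_vulns)."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("this example handles CycloneDX JSON only")
    root = doc["metadata"]["component"]["bom-ref"]
    components = {c["bom-ref"]: c for c in doc.get("components", [])}
    edges = {d["ref"]: list(d.get("dependsOn", [])) for d in doc.get("dependencies", [])}
    declared = {}
    for vuln in doc.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            declared.setdefault(target["ref"], set()).add(vuln["id"])
    return root, components, edges, declared


def introduction_paths(root, edges):
    """Breadth-first walk from the root component; maps each reachable bom-ref to the
    shortest chain of refs that introduces it. Refs already seen are skipped, so
    cycles in the dependency graph terminate."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for child in edges.get(current, []):
            if child not in paths:
                paths[child] = paths[current] + [child]
                queue.append(child)
    return paths


def reconcile(sbom_text, scanner_db, denied_licenses):
    """Sort vulnerabilities into the three buckets (in SBOM and found, in SBOM but not
    found, not in SBOM but found), flag denied licenses and dangling refs."""
    root, components, edges, declared = parse_sbom(sbom_text)
    paths = introduction_paths(root, edges)
    report = {"in_sbom_and_found": [], "in_sbom_not_found": [],
              "not_in_sbom_but_found": [], "license_violations": [], "unknown_refs": []}
    for ref, path in paths.items():
        if ref == root:
            continue
        component = components.get(ref)
        if component is None:
            # An edge points at a ref with no component entry: report it, don't drop it.
            report["unknown_refs"].append(ref)
            continue
        chain = " > ".join(path)
        found = scanner_db.get((component["name"], component["version"]), set())
        in_doc = declared.get(ref, set())
        report["in_sbom_and_found"] += [(v, ref, chain) for v in in_doc & found]
        report["in_sbom_not_found"] += [(v, ref, chain) for v in in_doc - found]
        report["not_in_sbom_but_found"] += [(v, ref, chain) for v in found - in_doc]
        licenses = {entry["license"].get("id") for entry in component.get("licenses", [])}
        if licenses & denied_licenses:
            report["license_violations"].append((ref, sorted(licenses & denied_licenses)))
    for bucket in report.values():
        bucket.sort()
    return report


if __name__ == "__main__":
    for bucket, items in reconcile(SAMPLE_SBOM, SCANNER_DB, DENIED_LICENSES).items():
        print(bucket, items)
```

The "in SBOM but not found" bucket is the one worth a second look in practice: it may mean the supplier disclosed something the scanner's database has not yet catalogued, or that the supplier's component identifiers do not match what the scanner keys on, which is why the example also reports dependency refs that have no matching component entry.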

Requires the SBOM Manager add-on. See Subscribing to SOOS Services to make changes to your plan.