The Synopsys Software Integrity Group is now Black Duck®. Learn More

Key considerations for building, maintaining, and using an SBOM

Software is constantly changing; new dependencies are added, old ones are updated or removed, and vulnerabilities are discovered and patched. Without a complete, dynamic view of what’s in your applications, neither you, your customers, nor your vendors can confidently determine what risks you’re exposed to. 

A Software Bill of Materials (SBOM) provides this information. It is the “list of ingredients” for a software application—it includes all open source, proprietary, and commercial code; the associated licenses; version information; and patch statuses.

Creating and maintaining an SBOM has quickly become a critical best practice for building secure and compliant software applications. But how do you get started? What should be included in your SBOM? And what do you do once you’ve created it? Download the eBook,  "Your Recipe for an Actionable SBOM," for answers to these questions.

Download the eBook to learn

  • The importance of making an SBOM creation process repeatable
  • Why you should adopt a standardized format such as SPDX, CycloneDX, or SWID
  • What information is needed in your SBOM
  • Why a secure delivery method matters
  • The importance of including industry-specific requirements
  • Why you should implement automated SBOM tooling
Actionable Software Bill of Materials eBook Cover

Download the guide now

SBOM Simplified