Key Benefit

DeployHub Consumes SBOM Data

Aggregating SBOM Data for Federated Reporting and Actionable Results

DeployHub federates and leverages Software Bill of Materials (SBOM) data from each piece of software in your supply chain, providing organization-wide views of where a particular software component is used and where it is running. DeployHub’s open source software supply chain security platform gives IT teams the intelligence needed to contain a critical compromise quickly by exposing where open source inventory is running across multiple environments. The core problem is that SBOM data is fragmented across hundreds of components, so when a vulnerability is disclosed IT teams struggle to answer the first question that matters: which of our applications ship the affected package, and where are they running? Instead, they spend critical time searching for and interrogating hundreds of SBOMs for that information. SBOMs provide little value sitting in a text file under the build directory, or even stored in Git as a historical record. DeployHub makes SBOMs useful by consuming the data and exposing it so it can be acted upon.

Federating all SBOM Data with DeployHub

DeployHub’s software supply chain management catalog federates SBOM data and continuously aggregates the information to the level that matters for response, the ‘logical’ Application. DeployHub provides the insights needed to harden the security of end-user software by showing exactly what is being delivered. The platform provides a view into each Component Version’s SBOM and rolls that information up to each ‘logical’ Application Version’s SBOM, even in decoupled architectures where the application is only an assembly of independently built and released components.

DeployHub Helps Organizations Meet Executive Order 14028

To meet the SBOM expectations that follow from Executive Order 14028 (signed May 2021) and the guidance issued under it, teams must deliver an SBOM that aggregates all application component dependencies’ SBOMs to the logical application level every time a change is delivered. Achieving this level of SBOM reporting means the DevOps pipeline must automatically track the ‘logical’ application and, for each change, create an application release version together with its SBOM and its vulnerability (CVE) report.

DeployHub’s aggregated SBOM reports provide normalized, detailed information about each component a logical application uses. At a minimum, for each component, the aggregated report includes:

  • component name
  • supplier name
  • version
  • hashes
  • other unique identifiers
  • open-source dependencies
  • author of the SBOM data
  • CVEs
  • timestamp
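The roll-up described above, from per-component SBOMs to one logical-application SBOM and then to a federated “where is this running?” index, is easy to see in code. The following is an added example and is not DeployHub or Ortelius code: it assumes CycloneDX-style JSON input (a subset of fields only), uses the package URL (purl) as the unique identifier, and every SBOM, application composition, deployment and vulnerability-feed entry in it is constructed. Function names such as `aggregate_application_sbom` and `blast_radius` are hypothetical. CVE-2021-44228 (Log4Shell, which does affect log4j-core 2.14.1) is the only real identifier in the data.

```python
"""Roll per-component SBOMs up to a logical-application SBOM and index them
across deployments. Added example, not DeployHub/Ortelius code. Every SBOM,
application composition and feed entry below is constructed (CycloneDX-style,
subset of fields); CVE-2021-44228 (Log4Shell) is the only real identifier."""
import json
from collections import defaultdict

LODASH = "pkg:npm/lodash@4.17.20"
LOG4J = "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"

def _sbom(name, version, ts, tool, comps):
    """Serialize a constructed component SBOM as CycloneDX-like JSON text."""
    return json.dumps({
        "metadata": {"timestamp": ts, "tools": [{"name": tool}],
                     "component": {"name": name, "version": version}},
        "components": [{"name": n, "version": v, "purl": p, "supplier": {"name": s},
                        "hashes": [{"alg": a, "content": d} for a, d in h]}
                       for n, v, p, s, h in comps]})

# One SBOM per component version, keyed the way a pipeline might tag them.
COMPONENT_SBOMS = {
    "frontend:2.1.0": _sbom("frontend", "2.1.0", "2024-03-01T10:00:00Z", "syft", [
        ("lodash", "4.17.20", LODASH, "npm", [("SHA-256", "aa11")]),
        ("axios", "1.6.0", "pkg:npm/axios@1.6.0", "npm", [("SHA-256", "bb22")])]),
    "api:5.4.2": _sbom("api", "5.4.2", "2024-03-02T09:30:00Z", "cdxgen", [
        ("lodash", "4.17.20", LODASH, "npm", [("SHA-256", "ee55"), ("SHA-1", "cc33")]),
        ("jsonwebtoken", "9.0.0", "pkg:npm/jsonwebtoken@9.0.0", "npm", [])]),
    "worker:1.0.3": _sbom("worker", "1.0.3", "2024-02-20T16:45:00Z", "syft", [
        ("log4j-core", "2.14.1", LOG4J, "Apache", [("SHA-256", "dd44")])]),
}
VULN_FEED = {LOG4J: ["CVE-2021-44228"]}  # constructed feed: purl -> CVE ids

def parse_component_sbom(doc_json):
    """Normalize one component SBOM into rows keyed by purl, carrying the report
    fields (name, supplier, version, hashes, identifier, SBOM author, timestamp)
    plus 'used_by': the component version that pulled the package in."""
    doc = json.loads(doc_json)
    meta = doc["metadata"]
    parent = f'{meta["component"]["name"]}:{meta["component"]["version"]}'
    author = {t["name"] for t in meta.get("tools", [])}
    rows = {}
    for c in doc.get("components", []):
        purl = c.get("purl") or f'{c["name"]}@{c["version"]}'  # fallback identifier
        rows[purl] = {"name": c["name"], "version": c["version"], "purl": purl,
                      "supplier": c.get("supplier", {}).get("name", "unknown"),
                      "hashes": {h["alg"]: h["content"] for h in c.get("hashes", [])},
                      "sbom_author": set(author), "timestamp": meta["timestamp"],
                      "used_by": {parent}, "cves": []}
    return rows

def aggregate_application_sbom(app, version, component_keys, sboms=COMPONENT_SBOMS):
    """Merge component SBOMs into one logical-application SBOM. A package pulled in
    by several components collapses to one row; 'hash_conflicts' flags one purl
    reported with different digests (scanners disagreeing, or two artifacts
    hiding behind one name), which a responder should check rather than trust."""
    merged, conflicts = {}, []
    for key in component_keys:
        for purl, row in parse_component_sbom(sboms[key]).items():
            if purl not in merged:
                merged[purl] = row
                continue
            cur = merged[purl]
            for alg, digest in row["hashes"].items():
                if cur["hashes"].setdefault(alg, digest) != digest:
                    conflicts.append((purl, alg))
            cur["used_by"] |= row["used_by"]
            cur["sbom_author"] |= row["sbom_author"]
            cur["timestamp"] = max(cur["timestamp"], row["timestamp"])
    return {"application": app, "version": version, "components": merged,
            "hash_conflicts": conflicts}

def attach_cves(app_sbom, feed=VULN_FEED):
    """Annotate each component row with the CVEs the feed knows for its purl."""
    for purl, row in app_sbom["components"].items():
        row["cves"] = list(feed.get(purl, []))
    return app_sbom

def build_federated_index(deployments):
    """(app_sbom, environment) pairs -> purl -> {(application, environment)}."""
    index = defaultdict(set)
    for app_sbom, env in deployments:
        for purl in app_sbom["components"]:
            index[purl].add((app_sbom["application"], env))
    return index

def where_is_running(index, purl):
    return sorted(index.get(purl, ()))

def blast_radius(index, app_sboms, cve_id):
    """Every (application, environment) running a component that carries cve_id."""
    hits = set()
    for app_sbom in app_sboms:
        for purl, row in app_sbom["components"].items():
            if cve_id in row["cves"]:
                hits |= index.get(purl, set())
    return sorted(hits)

def demo():
    """Two logical applications sharing the api component, deployed to two environments."""
    storefront = attach_cves(aggregate_application_sbom(
        "storefront", "7.2.0", ["frontend:2.1.0", "api:5.4.2"]))
    billing = attach_cves(aggregate_application_sbom(
        "billing", "3.0.1", ["api:5.4.2", "worker:1.0.3"]))
    index = build_federated_index(
        [(storefront, "prod"), (storefront, "staging"), (billing, "prod")])
    return storefront, billing, index
```

Running `demo()` gives the two answers an incident responder needs: `where_is_running(index, LODASH)` lists every application and environment shipping that package, and `blast_radius(index, [storefront, billing], "CVE-2021-44228")` narrows Log4Shell to the one deployment that actually carries log4j-core. The `hash_conflicts` entry on the storefront SBOM is the caveat worth keeping: two component SBOMs reported the same lodash purl with different SHA-256 digests, so the catalog should surface that rather than silently pick one.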

SBOM Key Concepts

Understanding SBOMs

The Software Bill of Materials (SBOM) has finally been recognized as an essential tool in the security toolbox. In this article, we review what to know about Software Bills of Materials.

SBOM Management

SBOM management collects Software Bill of Materials reports as they are generated across the DevOps pipeline and aggregates their data.

SBOM Automation

SBOM automation generates the list of all software components, libraries, and dependencies that make up a software application as part of your DevOps pipeline, and then consumes that data.

SBOMs and Cybersecurity

SBOMs play a key role in solving the cybersecurity challenge. Learn why generating SBOMs is essential to harden the software supply chain.

SBOM Requirements

Learn the US Government’s SBOM requirements and how DeployHub can generate a federated SBOM in a decoupled environment to meet the standards.


Start Consuming Your SBOM Insights Today

Sign up for DeployHub Team and Begin Leveraging Your SBOM Intelligence for Free

Sign up for DeployHub Team, the free SaaS software supply chain security platform. DeployHub Team is based on the Ortelius open source project incubating at the Continuous Delivery Foundation.


Suggested Article

The core problem with SBOMs is that the data is not consumed. SBOMs provide little value sitting in a text file under the build directory, or even stored in Git as a historical record. Most SBOM data is fragmented across hundreds of components, so IT teams struggle to address open source vulnerabilities fully and quickly. This article explores the concepts of SBOM consumption.

Suggested Article

SBOM Sources

Suggested Whitepaper

Aggregating SBOM data to the ‘logical’ Application level is required if you need to produce an Application SBOM in a decoupled architecture. Learn how DeployHub provides aggregated SBOM reports from hundreds of component SBOMs.


SBOMs in a decoupled architecture
