An SBOM Tool to Manage and Share Data Across the Organization.
Aggregate SBOMs and Instantly Comply with Executive Order 14028.
SBOM Tool for Sharing and Managing SBOM Results
SBOM tools are used to generate Software Bill of Materials reports when software builds are executed. But generating the SBOM is only the first step. There is little point in generating an SBOM if the results are not analyzed and made actionable. For this reason, DeployHub’s SBOM tool is laser-focused on using the Software Bill of Materials report data to continuously monitor software running in production environments for vulnerabilities, long after the software build step has completed.
At the most basic level, SBOM data is needed to continuously determine your software’s common vulnerabilities and exposures (CVEs). In addition, SBOMs provide licensing and provenance information critical to deciding what open-source packages should be included or excluded from your internal supply chain. Using an SBOM tool to manage your SBOM data is a critical level of defense from supply chain attacks.
DeployHub is a continuous security intelligence watch center that consumes SBOMs and uses the data to continuously report on vulnerabilities. DeployHub’s superpower is its ability to aggregate critical security and DevOps intelligence data for all ‘logical’ applications in a decoupled architecture. DeployHub’s SBOM tool acts upon and consolidates your supply chain and DevOps intelligence. It continuously gathers and centralizes security forensics exposing the impact low-level components have across the supply chain in decoupled architectures.
DeployHub SBOM Tool Aggregates SBOMs for Decoupled Applications
DeployHub’s SBOM tool unifies SBOM data and continuously aggregates and shares the information to the critical level, the ‘logical Application.’ DeployHub provides the insights needed to harden the security of end-user software by providing key insights into what is being delivered. DeployHub’s Watch Center provides a view into each Component version’s SBOM and rolls that information up to create a ‘logical’ application version SBOM, even in decoupled architectures.
Respond to Executive Order 14028 With a Single Click
Executive Order 14028 requires a Software Bill of Materials (SBOM) be provided for any software used by the federal government. DeployHub’s Security Intelligence includes a central evidence room of SBOMs. By continuously aggregating SBOM data, you maintain visibility into your ecosystem of open-source, third-party, and internal components, overcoming the challenge of dependency management in modern microservice architectures. With DeployHub’s SBOM management, you can comply with Executive Order 14028 for every logical application release…with a single click.
SBOM Management and Your DevOps Pipeline
DeployHub’s SBOM tool integrates into your Continuous Delivery pipeline to monitor independently deployed component updates and capture new SBOM and CVE intelligence. DeployHub’s integration into your DevOps pipeline can add SBOM generation to the process if you are not already creating SBOMs. Adding SBOM generation to your pipeline is a critical step in understanding what open-source software your solutions depend upon. It is also required to know your vulnerabilities and exposures. At this point, skipping it is simply not an option. To respond quickly to new vulnerabilities, you must know what you consume.
With DeployHub’s data, you can easily define zero-trust policies, such as stopping a deployment if an underlying component has known vulnerabilities. With a single click, you can aggregate component-level SBOMs to create a logical application SBOM, critical for teams working in a decoupled architecture that need to provide application-level SBOM reports.
SBOM Tool Reports
DeployHub’s aggregated SBOM reports provide normalized, detailed information about each component a logical application uses. At a minimum, for each component, the aggregated report includes:
- component’s name
- supplier name
- Version
- hashes
- other unique identifiers
- open-source dependencies
- author of the SBOM data
- CVEs
- timestamp
With DeployHub it is easy to provide logical application SBOMs, even in complex, decoupled architectures where hundreds of components define a single solution delivered to end users.
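To make the aggregation and the zero-trust gate concrete, here is an added example (not DeployHub’s code or data format): it merges two constructed per-component SBOMs, laid out in a simplified CycloneDX-like shape, into one logical application SBOM that carries the fields listed above (name, supplier, version, hashes, purl as the unique identifier, SBOM author, CVEs, timestamp, plus which components use each dependency), and then evaluates a deployment policy over the merged result. The CVE identifiers, package names and digests are placeholders, not real vulnerabilities.

```python
"""Aggregate component SBOMs into a logical-application SBOM and gate a deploy.

Added example with constructed data; the SBOM layout is a simplified
CycloneDX-like dict, not DeployHub's own format.  CVE ids are placeholders."""
from __future__ import annotations

from datetime import datetime, timezone
from typing import Any

# Constructed per-component SBOMs for two independently deployed services.
COMPONENT_SBOMS: list[dict[str, Any]] = [
    {
        "component": {"name": "checkout-svc", "version": "2.4.1"},
        "author": "sbom-generator@ci-runner-01",
        "timestamp": "2024-03-01T10:00:00Z",
        "dependencies": [
            {"purl": "pkg:maven/com.example/libjson@1.8.0", "name": "libjson",
             "version": "1.8.0", "supplier": "Example OSS", "license": "Apache-2.0",
             "hashes": {"sha256": "1111"},  # constructed digest
             "cves": [{"id": "CVE-0000-PLACEHOLDER-A", "severity": "critical"}]},
            {"purl": "pkg:npm/padleft-ish@1.0.0", "name": "padleft-ish",
             "version": "1.0.0", "supplier": "Example OSS", "license": "MIT",
             "hashes": {"sha256": "2222"}, "cves": []},
        ],
    },
    {
        "component": {"name": "inventory-svc", "version": "0.9.3"},
        "author": "sbom-generator@ci-runner-02",
        "timestamp": "2024-03-02T08:30:00Z",
        "dependencies": [
            # Same purl as checkout-svc but a different digest: worth flagging.
            {"purl": "pkg:maven/com.example/libjson@1.8.0", "name": "libjson",
             "version": "1.8.0", "supplier": "Example OSS", "license": "Apache-2.0",
             "hashes": {"sha256": "9999"},
             "cves": [{"id": "CVE-0000-PLACEHOLDER-A", "severity": "critical"}]},
            {"purl": "pkg:pypi/requestz@2.0.0", "name": "requestz",
             "version": "2.0.0", "supplier": "Example OSS", "license": "GPL-3.0-only",
             "hashes": {"sha256": "3333"},
             "cves": [{"id": "CVE-0000-PLACEHOLDER-B", "severity": "medium"}]},
        ],
    },
]


def aggregate(app_name: str, app_version: str, sboms: list[dict[str, Any]],
              now: str | None = None) -> dict[str, Any]:
    """Merge component SBOMs into one logical-application SBOM, keyed by purl.

    Each merged entry keeps every hash and CVE seen, the components that use
    the package, and the authors of the source SBOMs (provenance)."""
    merged: dict[str, dict[str, Any]] = {}
    for sbom in sboms:
        comp = sbom["component"]
        comp_id = f"{comp['name']}@{comp['version']}"
        for dep in sbom["dependencies"]:
            entry = merged.setdefault(dep["purl"], {
                "name": dep["name"], "version": dep["version"],
                "supplier": dep["supplier"], "license": dep["license"],
                "hashes": set(), "cves": {}, "used_by": [], "sbom_authors": set()})
            entry["hashes"].add(dep["hashes"]["sha256"])
            for cve in dep["cves"]:
                entry["cves"][cve["id"]] = cve["severity"]
            entry["used_by"].append(comp_id)
            entry["sbom_authors"].add(sbom["author"])
    components = []
    for purl in sorted(merged):
        e = merged[purl]
        components.append({
            "purl": purl, "name": e["name"], "version": e["version"],
            "supplier": e["supplier"], "license": e["license"],
            "hashes": sorted(e["hashes"]),
            # Same package/version with differing digests across components.
            "hash_conflict": len(e["hashes"]) > 1,
            "cves": [{"id": k, "severity": v} for k, v in sorted(e["cves"].items())],
            "used_by": e["used_by"], "sbom_authors": sorted(e["sbom_authors"])})
    return {"application": {"name": app_name, "version": app_version},
            "timestamp": now or datetime.now(timezone.utc).isoformat(),
            "source_sboms": [f"{s['component']['name']}@{s['component']['version']}"
                             for s in sboms],
            "components": components}


def gate_deployment(app_sbom: dict[str, Any],
                    block_severities: tuple[str, ...] = ("critical", "high"),
                    block_licenses: tuple[str, ...] = ("GPL-3.0-only",)) -> tuple[bool, list[str]]:
    """Zero-trust policy over the merged SBOM: (allowed, human-readable reasons)."""
    reasons: list[str] = []
    for c in app_sbom["components"]:
        for cve in c["cves"]:
            if cve["severity"] in block_severities:
                reasons.append(f"{c['purl']}: {cve['id']} ({cve['severity']})")
        if c["license"] in block_licenses:
            reasons.append(f"{c['purl']}: license {c['license']} not allowed")
        if c["hash_conflict"]:
            reasons.append(f"{c['purl']}: differing hashes {c['hashes']}")
    return (not reasons), reasons


if __name__ == "__main__":
    app = aggregate("storefront", "1.0.0", COMPONENT_SBOMS)
    allowed, why = gate_deployment(app)
    print("deploy allowed:", allowed)
    for line in why:
        print(" -", line)
```

Keying on the package URL rather than on name and version alone is what lets the report say which services share a dependency, and keeping every observed hash rather than the first one is what exposes two services shipping the "same" package with different digests, which the gate treats as a blocking condition alongside the severity and license checks.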
View a Federated SBOM
In a decoupled architecture, no single build produces an application-level SBOM. DeployHub returns the application SBOM to teams working in modern architectures.