Sonatype, specializing in software supply chain optimization, introduces its own SBOM Manager to address mounting regulatory pressures and the increasing frequency of cybersecurity threats

Sonatype launched its SBOM Manager during KubeCon + CloudNativeCon Europe. It is designed to streamline Software Bill of Materials (SBOM) collection, cataloguing, and continuous monitoring. The SBOM Manager enables organizations to comply more readily with global regulations while strengthening the security of their software supply chains.

Increasing demands to keep software secure

Many governments have tightened their cybersecurity guidelines and policies.

This creates headaches for open-source developers, who do not always have the time to keep their software aligned with the latest regulations, and it forces organizations that use open-source software to scrutinize that software more carefully. These organizations also rely on large amounts of third-party software, which means applications may carry unknown vulnerabilities that put entire clusters at risk.

As a result, Sonatype has seen demand for Software Bills of Materials (SBOMs) rise. An SBOM provides a detailed list of every component and library in a software application, including information about known vulnerabilities and licenses.
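An SBOM only pays off once something consumes it. As an added illustration (example code written for this article, not Sonatype's SBOM Manager or any format it uses), the script below treats a small SBOM as data: it matches every listed component against an advisory feed and a license allowlist, and re-running it whenever the feed changes is what "continuous monitoring" amounts to. The SBOM layout, the component names, the advisory identifiers and the license policy are all constructed for the example; the document is a deliberately simplified JSON shape, not a real CycloneDX or SPDX file, and the version comparison assumes plain dotted numeric versions.

```python
"""Consume an SBOM instead of filing it away.

Added example, not Sonatype code. The SBOM document, the advisories and the
license policy below are constructed for illustration; the SBOM shape is a
simplified stand-in, not a real CycloneDX or SPDX document.
"""
from dataclasses import dataclass
import json

# Constructed SBOM: one entry per component the application ships with.
SBOM_JSON = """
{
  "application": "payments-api",
  "components": [
    {"name": "parser-utils", "version": "3.1.4", "license": "Apache-2.0"},
    {"name": "tls-shim",     "version": "1.1.0", "license": "MIT"},
    {"name": "string-pad",   "version": "1.3.0", "license": "WTFPL"},
    {"name": "http-client",  "version": "2.0.0", "license": "MIT"}
  ]
}
"""


@dataclass(frozen=True)
class Advisory:
    """One entry of a vulnerability feed: component and first fixed version."""
    advisory_id: str   # placeholder identifier, not a real CVE
    component: str
    fixed_in: str      # versions below this are considered affected


# Constructed advisory feed; identifiers are placeholders.
ADVISORIES = [
    Advisory("ADV-0001 (constructed)", "parser-utils", "3.2.0"),
    Advisory("ADV-0002 (constructed)", "tls-shim", "1.1.0"),
]

# Constructed license policy: anything outside this set needs review.
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}


def parse_version(version):
    """Turn '3.1.4' into (3, 1, 4) so tuples compare numerically.

    Simplification: pre-release tags such as '1.0.0-rc1' are not handled.
    """
    return tuple(int(part) for part in version.split("."))


def evaluate_sbom(sbom_json, advisories, allowed_licenses):
    """Return one finding per affected component or disallowed license.

    Findings are plain dicts so they can be exported or filed as tickets.
    """
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom["components"]:
        installed = parse_version(comp["version"])
        for adv in advisories:
            # A component is affected when it is the advised component and
            # its version predates the first fixed release.
            if adv.component == comp["name"] and installed < parse_version(adv.fixed_in):
                findings.append({
                    "component": comp["name"],
                    "version": comp["version"],
                    "kind": "vulnerability",
                    "detail": adv.advisory_id,
                    "remediation": f"upgrade to >= {adv.fixed_in}",
                })
        if comp.get("license") not in allowed_licenses:
            findings.append({
                "component": comp["name"],
                "version": comp["version"],
                "kind": "license",
                "detail": comp.get("license", "unknown"),
                "remediation": "review license or replace component",
            })
    return findings


if __name__ == "__main__":
    # Re-running the same evaluation against a refreshed feed is the whole
    # of "continuous monitoring": the SBOM does not change, the feed does.
    for finding in evaluate_sbom(SBOM_JSON, ADVISORIES, ALLOWED_LICENSES):
        print(finding)
```

Note that `tls-shim` 1.1.0 produces no finding because it already carries the fix, while `string-pad` is flagged purely on license grounds; a feed update that adds an advisory for `http-client` would surface a third finding on the next run without touching the SBOM itself.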

“Without practical application, SBOMs risk being ignored or merely filed away,” says Brian Fox, Sonatype’s CTO. “Our SBOM Manager turns these ingredient lists into actionable assets, allowing organizations to actually use their SBOMs for improving security and compliance.”

Compliance tools and monitoring

Sonatype’s SBOM Manager includes comprehensive management capabilities, enhanced compliance tools to monitor global regulations, and advanced security measures to proactively identify and mitigate vulnerabilities within the software supply chain. Additionally, the tool offers strategic advantages by leveraging Sonatype’s expertise in SBOMs and component scanning to provide organizations with a competitive edge in software security and compliance.

The SBOM Manager is initially available as a Software-as-a-Service (SaaS) solution; on-premises and air-gapped versions will be released later in 2024. Earlier this year, Sonatype released its artificial intelligence and machine learning (AI/ML) component detection, which extended the company's capabilities to producing AI bills of materials (AI BOMs).