YoVDO

Composing the Ultimate SBOM - Creating Accurate and Modular Software Bill of Materials

Offered By: Linux Foundation via YouTube

Tags

Software Security Courses, Software Development Courses, Compliance Courses, SPDX Courses

Course Description

Overview

Explore the concept of composing Software Bills of Materials (SBOMs) in this insightful conference talk by Ivana Atanasova and Velichka Atanasova from VMware. Discover why post-build scanning falls short in producing accurate SBOMs and learn about the innovative "sum-of-parts" approach using Micro-SBOMs. Understand the importance of representing software's modular nature in SBOM creation and management. Gain knowledge on the process of "composing" multiple Micro-SBOMs into a comprehensive, high-level SBOM. Witness a demonstration of a proof-of-concept SPDX SBOM composition tool and learn about its potential to streamline SBOM consumption. Delve into the operationalization of SBOMs and the need for more modular composition techniques. Engage with the speakers' insights on enhancing compliance and security benefits through improved SBOM creation methods.

Syllabus

Composing the Ultimate SBOM - Ivana Atanasova & Velichka Atanasova, VMware


Taught by

Linux Foundation

Related Courses

SPDX 3.0 Overview - Introduction to Software Package Data Exchange
Linux Foundation via YouTube
Software Part Catalog Management for Successful SBOM Creation
Linux Foundation via YouTube
Our Journey to Open Source - From a Conservative Japanese Company
Linux Foundation via YouTube
SW360 SBOM - Managing Vulnerability Information, SPDX Documents and Dependency Networks
Linux Foundation via YouTube
OpenDataology: Fixing Dataset Licensing for AI - A Call to Arms
Linux Foundation via YouTube