SBOM Automation - Making Compliance Effortless by Consuming, Enriching, and Managing Software Bill of Materials

Explore an insightful conference talk on automating Software Bill of Materials (SBOM) management for effortless compliance. Learn how organizations can streamline dependency management throughout the release cycle, systematically analyze software licenses and vulnerabilities, and maintain compliance through SBOM consumption, enrichment, and management. Discover the use of OSS Review Toolkit (ORT) for scanning and generating Cyclonedx analysis files, as well as their integration with SW360. While covering both license clearing and security aspects, the presentation primarily focuses on license clearing processes. Gain knowledge about potential integrations, such as VulnerableCode, and the application of vulnerability scans to enhance SBOMs. Acquire a comprehensive understanding of achieving continuous compliance through consistent SBOM management using open-source compliance tools like Linux Foundation's FOSSology, ORT, and Eclipse Foundation's SW360 project.

SBOM Automation - Making Compliance Effortless by Consuming, Enrichin... Kouki Hama & Arun Azhakesan