SW360 SBOM - Managing Vulnerability Information, SPDX Documents and Dependency Networks

Explore the SW360 software project for managing license compliance information and software bill-of-materials (SBOM) in this informative conference talk. Learn about SW360's evolution from its initial focus on SPDX information for products and projects to its expanded capabilities in vulnerability management, trade compliance assessment, and automated SBOM information handling through REST API. Discover how SW360 supports product approval processes by importing license obligations from the OSADL license checklist. Gain insights into SW360's architecture and witness demonstrations of its latest features, including vulnerability registration, SPDX input/output, and open-source software dependency management. Understand how SW360 streamlines the management of third-party components in software development and enhances overall compliance and security processes.

SW360 SBOM: Managing Vulnerability Information, SPDX Documents and New Depen... Kouki Hama & Tien Le