Software bill of materials
- https://cyclonedx.org/
- https://spdx.org/licenses/
- https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1
- https://ntia.gov/blog/ntia-releases-minimum-elements-software-bill-materials
- https://www.cisa.gov/sbom
device            \
library/tool       -- Component \
application       /              \
                                  \
owned             \                \
3rd party          -- Component ---- Project/Product
open source       /                /
                                  /
licenses          \              /
vulnerabilities    -- Component /
state             /
CDX Composition
- Generate micro SBOMs, manually or automatically, one per component.
- Collect all micro SBOMs.
- Collect all components from them.
- Remove duplicate components.
- Reflect the dependency graph between the components.
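The composition steps above, carried out on two constructed CycloneDX micro SBOMs. This is an added example, not code from these notes or from the CycloneDX project; it assumes the purl is the deduplication key and that each BOM's local bom-refs are remapped onto it, since bom-refs are only unique within a single BOM.

```python
# Constructed CycloneDX 1.5 micro SBOMs (sample data, not from any real project). Both "web" and
# "cli" pull in urllib3; the second BOM names it by a different bom-ref, so dedup must key on purl.
MICRO_SBOMS = [
    {"bomFormat": "CycloneDX", "specVersion": "1.5",
     "metadata": {"component": {"type": "application", "name": "web", "bom-ref": "pkg:generic/web@1.0"}},
     "components": [
         {"type": "library", "name": "requests", "version": "2.31.0",
          "purl": "pkg:pypi/requests@2.31.0", "bom-ref": "pkg:pypi/requests@2.31.0"},
         {"type": "library", "name": "urllib3", "version": "2.0.7",
          "purl": "pkg:pypi/urllib3@2.0.7", "bom-ref": "pkg:pypi/urllib3@2.0.7"}],
     "dependencies": [
         {"ref": "pkg:generic/web@1.0", "dependsOn": ["pkg:pypi/requests@2.31.0"]},
         {"ref": "pkg:pypi/requests@2.31.0", "dependsOn": ["pkg:pypi/urllib3@2.0.7"]}]},
    {"bomFormat": "CycloneDX", "specVersion": "1.5",
     "metadata": {"component": {"type": "application", "name": "cli", "bom-ref": "pkg:generic/cli@1.0"}},
     "components": [
         {"type": "library", "name": "urllib3", "version": "2.0.7",
          "purl": "pkg:pypi/urllib3@2.0.7", "bom-ref": "lib-urllib3"}],
     "dependencies": [{"ref": "pkg:generic/cli@1.0", "dependsOn": ["lib-urllib3"]}]},
]

def canonical(component):
    """Canonical identity of a component: its purl, falling back to its bom-ref."""
    return component.get("purl") or component["bom-ref"]

def compose(micro_sboms, product_ref):
    """Collect components, dedupe by purl, remap local bom-refs to canonical ids, union dependency edges."""
    components, depends_on = {}, {}
    for bom in micro_sboms:
        ref_map = {}  # this BOM's bom-ref -> canonical id
        subject = bom["metadata"]["component"]
        for c in [subject] + bom.get("components", []):
            canon = canonical(c)
            ref_map[c["bom-ref"]] = canon
            components.setdefault(canon, {**c, "bom-ref": canon})
        for d in bom.get("dependencies", []):  # unknown refs pass through and are caught below
            targets = depends_on.setdefault(ref_map.get(d["ref"], d["ref"]), set())
            targets.update(ref_map.get(t, t) for t in d.get("dependsOn", []))
        # the product depends on the subject component of every micro SBOM
        depends_on.setdefault(product_ref, set()).add(canonical(subject))
    dangling = {t for ts in depends_on.values() for t in ts if t not in components}
    if dangling:
        raise ValueError(f"dependency targets missing from components: {sorted(dangling)}")
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "metadata": {"component": {"type": "application", "name": product_ref, "bom-ref": product_ref}},
            "components": list(components.values()),
            "dependencies": [{"ref": r, "dependsOn": sorted(t)} for r, t in sorted(depends_on.items())]}
```

The dangling-reference check matters in practice: a merged BOM whose dependency graph points at components that were dropped during deduplication silently hides part of the supply chain from downstream vulnerability matching.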