
What Is an SBOM & Why Do You Need One?

Before we jump into definitions, let's quickly level-set on how we got here. Over the last few years the way we build software has changed drastically. Under pressure to move faster and release more frequently, organizations are abandoning monolithic architectures in favour of microservices for greater agility, resiliency, and efficiency. Each of those services pulls in its own stack of open-source dependencies, and that inventory of components is exactly what an SBOM records.

SBOM production and secure distribution - Jitsuin and Meterian integration makes it easy.

Jitsuin met Meterian in the NCSC Cyber Runway Accelerator launched in November 2021. What we quickly realized is that automated generation and permissioned sharing of SBOMs would save valuable time in vulnerability discovery and mitigation. So we moved fast to fix things! The integration between Meterian's Boost Open-Source Software Scanner (BOSS) and Jitsuin's RKVST SBOM Hub enables software publishers to automatically generate, store and distribute SBOMs, either publicly or to a permissioned set of subscribers.

15 Ways to Make SBOM Distribution Easy

The whole point of an SBOM is lost if you keep it a secret. Here we set out what we think the ideal SBOM exchange looks like; let us know if we've missed anything in RKVST SBOM Hub. SBOMs are made for sharing and are the gifts that keep on giving, but only if they reach the right place at the right time to drive the right critical decision. The first such decision, or moment of truth, is whether to buy a vendor's product at all.

SBOMs are the gifts that keep on giving.

The timing of CISA's SBOM-a-rama today and tomorrow coincides with the fallout from the "vulnerability of the decade", which has gifted the industry yet another example of why scaling and operationalizing the widespread use of SBOMs is so vital. Log4Shell (CVE-2021-44228) is a CVSS 10.0 remote code execution vulnerability in Log4j, a hugely popular Java logging library embedded in a large share of Java-based online services. The library had been in use for two decades, and the lookup feature Log4Shell abuses had shipped for years, before somebody showed last week that it could be turned against the applications using it. The operational question every team faced was the same: which of our products and suppliers' products contain an affected log4j-core? That is the question an SBOM answers in minutes instead of weeks.
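The kind of check the two passages above are about (the Meterian/RKVST integration's promise of faster vulnerability discovery, and the Log4Shell scramble) is simple once you hold an SBOM: walk its components and flag any log4j-core in the version range named by the CVE. The following is an added example, not code from RKVST, Jitsuin or Meterian. The SBOM is constructed inline; the field names (components[].purl, group, name, version) are real CycloneDX fields; the version ordering is a deliberately simplified subset of Maven's qualifier rules, enough to place 2.0-beta9, 2.0-rc1 and 2.14.1 correctly.

```python
"""Added example (not RKVST, Jitsuin or Meterian code): scan a CycloneDX SBOM
for log4j-core versions in the range named by CVE-2021-44228 (Log4Shell).
The SBOM below is constructed for the demo."""
import json
import re

# Constructed CycloneDX 1.4 JSON SBOM, trimmed to the fields the check uses.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        # log4j-api carries no JNDI lookup; only log4j-core is in scope for the CVE.
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
         "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
        # Fixed version; purl also carries a qualifier that must be stripped.
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1?type=jar"},
        # Log4j 1.x lives under different coordinates and is outside the CVE-2021-44228 range.
        {"type": "library", "group": "log4j", "name": "log4j",
         "version": "1.2.17", "purl": "pkg:maven/log4j/log4j@1.2.17"},
        # No purl at all: the check must fall back to group/name/version.
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.0-beta9"},
    ],
})

AFFECTED_GROUP, AFFECTED_NAME = "org.apache.logging.log4j", "log4j-core"

# Simplified Maven qualifier ordering: alpha < beta < milestone < rc < (unknown) < release.
PRERELEASE_RANK = {"alpha": 0, "beta": 1, "milestone": 2, "rc": 3}
RELEASE_RANK = 9

def parse_version(v: str) -> tuple:
    """Return (major, minor, patch, qualifier_rank, qualifier_number) so that
    tuple comparison orders 2.0-beta9 < 2.0-rc1 < 2.0 < 2.14.1 < 2.15.0."""
    base, _, pre = v.partition("-")
    nums = [int(p) for p in base.split(".") if p.isdigit()]
    nums += [0] * (3 - len(nums))
    if pre:
        word = re.match(r"[a-z]+", pre.lower())
        digits = re.search(r"\d+", pre)
        rank = PRERELEASE_RANK.get(word.group() if word else "", 4)
        return (*nums[:3], rank, int(digits.group()) if digits else 0)
    return (*nums[:3], RELEASE_RANK, 0)

# Affected range listed in CVE-2021-44228: 2.0-beta9 through 2.14.1 inclusive.
LOG4SHELL_LOW = parse_version("2.0-beta9")
LOG4SHELL_HIGH = parse_version("2.14.1")

def component_coords(c: dict) -> tuple:
    """Prefer the purl (canonical across SBOM producers); fall back to group/name/version."""
    purl = c.get("purl")
    if purl and purl.startswith("pkg:maven/"):
        coords, _, version = purl[len("pkg:maven/"):].partition("@")
        version = version.split("?")[0]          # drop qualifiers such as ?type=jar
        group, _, name = coords.rpartition("/")
        return group, name, version
    return c.get("group", ""), c.get("name", ""), c.get("version", "")

def find_log4shell(sbom_json: str) -> list:
    """Return 'group:name:version' for every component inside the affected range."""
    hits = []
    for c in json.loads(sbom_json).get("components", []):
        group, name, version = component_coords(c)
        if (group, name) != (AFFECTED_GROUP, AFFECTED_NAME):
            continue
        if LOG4SHELL_LOW <= parse_version(version) <= LOG4SHELL_HIGH:
            hits.append(f"{group}:{name}:{version}")
    return hits

if __name__ == "__main__":
    for hit in find_log4shell(SAMPLE_SBOM):
        print("AFFECTED", hit)
```

Two design points matter in practice. Matching on the purl rather than on a bare name avoids both false positives (log4j-api, Log4j 1.x under the old log4j:log4j coordinates) and misses when producers spell the name differently; and version ordering has to understand qualifiers, because a naive string comparison would place 2.0-rc1 outside a range that the CVE says includes it. Scaling this from one file to every supplier's SBOM is the distribution problem the posts above are about.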

SBOM Sharing Should be Easy. Now it is!

Today we're pleased to announce the RKVST SBOM Hub, the first place to find and fetch SBOMs. RKVST SBOM Hub is a secure, immutable, any-to-any framework that integrates into both publisher and subscriber workflows to massively simplify the effective sharing of SBOMs, helping all parties meet the SBOM provisions of Executive Order 14028. Try it out for yourself here.