Software Supply Chain Security
1. Introduction to Software Supply Chain Security
2. Threat Landscape and Attack Vectors
3. Securing the Development Environment
4. Securing Source Code
5. Managing Dependencies and Third-Party Components
6. Securing the Build and CI/CD Pipeline
7. Securing Software Artifacts
8. Software Bill of Materials
9. Frameworks, Standards, and Governance
10. Incident Response and Recovery
Software Bill of Materials
Understanding SBOMs
Purpose and Benefits
Transparency in Software Components
Component Visibility
Supply Chain Mapping
Risk Assessment
Facilitating Vulnerability Management
Rapid Response
Impact Assessment
Patch Prioritization
Compliance and Regulatory Requirements
License Management
Key Data Fields
Component Name
Package Names
Library Names
Module Identifiers
Version Information
Semantic Versions
Build Numbers
Commit Hashes
Supplier Information
Vendor Details
Author Information
Maintainer Contacts
Dependency Relationships
Parent-Child Relationships
Dependency Types
Relationship Metadata
License Information
Security Metadata
SBOM Formats
SPDX
Structure and Usage
Document Structure
Package Information
Relationship Definitions
Version Compatibility
Tool Support
CycloneDX
Structure and Usage
Component Model
Vulnerability Information
Service Definitions
Schema Versions
Ecosystem Integration
SWID Tags
Structure and Usage
Tag Structure
Identity Information
Payload Definitions
ISO Standards Compliance
Generating SBOMs
Tools for SBOM Creation
Open Source Tools
Language-Specific Tools
Build System Integration
Multi-Format Support
Commercial Tools
Enterprise Features
Integration Capabilities
Support Services
Integration into the Build Process
Automated SBOM Generation
Build System Integration
CI/CD Pipeline Integration
Continuous Generation
Storing and Distributing SBOMs
Storage Strategies
Distribution Mechanisms
Access Controls
SBOM Quality Assurance
Validation Procedures
Completeness Checking
Accuracy Verification
Consuming and Utilizing SBOMs
Vulnerability Management
Mapping Vulnerabilities to Components
CVE Matching
Risk Assessment
Impact Analysis
Automated Vulnerability Scanning
Patch Management Integration
License Compliance
Automated License Checks
License Compatibility
Policy Enforcement
Compliance Reporting
Legal Risk Assessment
Asset Inventory
Maintaining an Inventory of Software Components
Component Tracking
Version Management
Lifecycle Monitoring
Portfolio Management
Supply Chain Risk Management
Risk Assessment
Supplier Evaluation
Third-Party Risk Management