How to Get Value from SBOMs Throughout the SDLC

Presented by

Kenaz Kwa, Head of Product, FOSSA

About this talk

For all of the attention paid to SBOMs (software bill of materials) in recent years, there’s been little conversation about a mission-critical supply chain security use case: integrating SBOMs throughout the software development lifecycle. Instead, SBOMs are generated as a check-box item, placed in Google Drive — never to be seen again. Unfortunately, this misses an important opportunity to integrate SBOM insights (such as risk assessments based on SBOM data) into the SDLC.

Of course, successfully operationalizing an SBOM requires buy-in from the right stakeholders, building the right SBOM-related workflows, and using the right tools — and this can be easier said than done.

Join Kenaz Kwa, the Head of Product at FOSSA, in our webinar “How to Get Value from SBOMs Throughout the SDLC” for practical guidance on tackling these challenges and successfully operationalizing your SBOMs. We’ll discuss:

- Best practices for generating SBOMs that can be used throughout the SDLC
- Considerations when importing SBOMs
- How to use SBOMs to flag compliance and security issues during the early stages of the SDLC

Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.