Sprint #7: Getting on with an SBOM

Welcome back to the 7th sprint of OneHourAppSec. 

This sprint, we’re going to build an artifact to support the work we did in sprints five and six. In the last two sprints, we looked at how we choose technologies to integrate into our software. In this sprint, we will learn about a common way to communicate this list of technologies – the SBOM (or Software Bill of Materials). Increasingly required for regulation, compliance, and even to sell to larger organizations, your SBOM may end up being more important than you realize.

 

Our goals for this sprint:

  • To understand what an SBOM is, why they are useful, and what is included in them.

  • To create our first SBOM (ready to use whenever needed).

So without further ado, let’s get into it πŸ‘

Activities

πŸ“½οΈ [VIDEO] Introducing Sprint 7 (5 minutes)

This first sprint video explains the theme and what you need to tick off.


πŸ“½οΈ [Podcast Episode] Dream a little dream of SBOM with Paul McCarty (30 mins)

We talk to a friend of SafeStack and SBOM expert Paul McCarty about what should be included in an SBOM.


πŸ“‘ Create your own SBOM (25 minutes)

Now that you understand the process, it’s time to get started and make your own.

 

Additional reading

πŸ“š
Getting started with SBOMs in GitLab


πŸ“š Getting started with SBOMs in GitHub


Previous
Previous

Sprint #8: Get Playful with Threat Modeling

Next
Next

Integrating Security into UX Design