Sprint #7: Getting on with an SBOM

Welcome back to the 7th sprint of OneHourAppSec. 

This sprint, we’re going to build an artifact that supports the work we did in sprints five and six. In those two sprints, we looked at how we choose the technologies we integrate into our software. In this sprint, we will learn about a common way to communicate that list of technologies: the SBOM (Software Bill of Materials). Increasingly required by regulators and compliance frameworks, and even by larger customers before they will buy from you, your SBOM may end up being more important than you realize.


Our goals for this sprint:

  • To understand what an SBOM is, why it is useful, and what it contains.

  • To create our first SBOM (ready to use whenever needed).

So without further ado, let’s get into it 👏

Activities

📽️ [VIDEO] Introducing Sprint 7 (5 minutes)

This first sprint video explains the theme and what you need to tick off.


📽️ [Podcast Episode] Dream a little dream of SBOM with Paul McCarty (30 mins)

We talk to a friend of SafeStack and SBOM expert Paul McCarty about what should be included in an SBOM.


📑 Create your own SBOM (25 minutes)

Now that you understand the process, it’s time to get started and make your own.
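To make the activity concrete, here is a small added example (my own code, not part of the sprint material, the podcast, or the GitLab/GitHub guides linked below) that builds a minimal CycloneDX 1.4 JSON SBOM from a pinned Python `requirements.txt` and then runs the sanity checks a consumer of your SBOM would run. The manifest is constructed for the example, and the function names are my own. It shows the parts an SBOM must carry to be useful: the application the list belongs to, each component with an exact version and a Package URL (purl), and the dependency relationships between them.

```python
"""Build a minimal CycloneDX 1.4 JSON SBOM from a pinned requirements.txt.

Added example for the OneHourAppSec sprint page; not code from the course.
Function names are the author's own. The sample manifest is constructed.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample manifest: exact pins only, with the comments and odd
# casing a real file tends to have.
SAMPLE_REQUIREMENTS = """\
# web stack
Flask==3.0.3
requests==2.31.0  # HTTP client
Markdown_Utils==1.2.0
"""

_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.+!-]+)")


def normalize_pypi_name(name):
    """purl rule for pypi: lowercase, and runs of ._- become a single dash."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pypi_purl(name, version):
    """Package URL for a PyPI package, e.g. pkg:pypi/requests@2.31.0."""
    return f"pkg:pypi/{normalize_pypi_name(name)}@{version}"


def parse_pinned_requirements(text):
    """Return [(name, version)] from requirements text.

    Only exact pins (==) are accepted: an SBOM must record the version that
    actually shipped, so a range such as 'requests>=2' is rejected here.
    """
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        match = _PIN_RE.match(line)
        if not match:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        pins.append((match.group(1), match.group(2)))
    return pins


def build_sbom(app_name, app_version, pins):
    """Assemble the CycloneDX document: metadata, components, dependency graph."""
    app_ref = f"{app_name}@{app_version}"  # bom-ref only has to be unique in this document
    components = []
    for name, version in pins:
        purl = pypi_purl(name, version)
        components.append({
            "type": "library",
            "bom-ref": purl,
            "name": normalize_pypi_name(name),
            "version": version,
            "purl": purl,
        })
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "tools": [{"name": "sprint7-sbom-example", "version": "0.1"}],
            "component": {"type": "application", "bom-ref": app_ref,
                          "name": app_name, "version": app_version},
        },
        "components": components,
        # Flat manifest, so every library is a direct dependency of the app.
        "dependencies": [
            {"ref": app_ref, "dependsOn": [c["bom-ref"] for c in components]},
            *[{"ref": c["bom-ref"], "dependsOn": []} for c in components],
        ],
    }


def validate_sbom(sbom):
    """Checks a consumer runs before trusting an SBOM; returns a list of problems."""
    problems = []
    for field in ("bomFormat", "specVersion", "version", "components"):
        if field not in sbom:
            problems.append(f"missing {field}")
    refs = [sbom.get("metadata", {}).get("component", {}).get("bom-ref")]
    refs += [c.get("bom-ref") for c in sbom.get("components", [])]
    if len(refs) != len(set(refs)):
        problems.append("duplicate bom-ref")
    known = set(refs)
    for dep in sbom.get("dependencies", []):
        for ref in [dep.get("ref")] + dep.get("dependsOn", []):
            if ref not in known:
                problems.append(f"dangling dependency ref {ref}")
    for comp in sbom.get("components", []):
        if not re.match(r"^pkg:[a-z]+/.+@.+$", comp.get("purl", "")):
            problems.append(f"bad purl on {comp.get('name')}")
    return problems


if __name__ == "__main__":
    doc = build_sbom("demo-app", "0.1.0", parse_pinned_requirements(SAMPLE_REQUIREMENTS))
    print(json.dumps(doc, indent=2))
    print("problems:", validate_sbom(doc) or "none")
```

Two design choices worth noting. The parser refuses unpinned requirements rather than guessing, because an SBOM that says "some version of requests" tells a vulnerability scanner nothing. The purl is used as the `bom-ref`, which keeps references unique and lets a consumer join your SBOM against vulnerability databases that key on purls. Real projects have transitive dependencies, so in practice you would generate the file from a lock file or with a tool such as the GitLab and GitHub features linked below rather than from a flat manifest, but the checks in `validate_sbom` apply to any SBOM you are handed.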


Additional reading

📚 Getting started with SBOMs in GitLab


📚 Getting started with SBOMs in GitHub

