Codenotary has announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lambda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code. Until now, SBOM generation for serverless apps was nearly impossible.

The new TrueSBOM for Serverless helps enterprises comply with the U.S. Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as with the SLSA security framework to ensure trust in the software supply chain.

TrueSBOM guarantees that the SBOM for a serverless application is always a true reflection of its components, and that the SBOM is not just a text file stored separately from the application but part of the application itself, which exports its own SBOM, or list of ingredients, on request. This is critical for modern applications like serverless that self-update, where relying on external SBOM generation at build time would not pick up the new updates.

In addition, TrueSBOM allows the enrichment of the SBOM with vulnerability scanner results or trust and integrity information. TrueSBOM keeps the list of contents in an app up to date at all times, providing a level of security that was previously near impossible to attain.

TrueSBOM for Serverless is now available and priced at $450 per application per year.
