Sonatype’s SBOM Manager helps companies enhance their security posture

0

Sonatype has announced SBOM Manager to help provide an integrated approach to managing SBOMs (Software Bill of Materials) from third-party vendors, alongside those SBOMs created for your own software, powered by Sonatype’s unique data and security research.

By enabling comprehensive optimization of SBOM management, Sonatype sets a new standard for compliance, scalability, and cybersecurity. Through its seamless management of SBOM generation, collection, categorization, and ongoing monitoring, Sonatype SBOM Manager empowers organizations to achieve unparalleled security and efficiency in their software supply chains, marking a significant advancement on the journey toward integrated and secure software distribution and management.

Mitchell Johnson, Chief Product Development Officer at Sonatype, said: “Sonatype’s SBOM Manager was developed with a deep understanding of these challenges as a software supply chain pioneer. Now we are introducing the world’s first easy-to-use solution for organizations to not only comply with emerging regulations, but also to enhance their development productivity and security posture through greater transparency and control.”

Key Features and Benefits of Sonatype SBOM Manager include:

  • A powerful, yet easy to use System of Record for all SBOMs – Comprehensive SBOM Management:
    Generate both CycloneDX and SPDX SBOM formats with ease to share with internal and external stakeholders such as auditors, regulators, compliance officers, customers.
    Ingest and import SBOMs from third-party software, including VEX documents, and analyze them to pinpoint components, vulnerabilities, and contextual policy violations.
    Monitor for policy violations, manage vulnerability disclosures to partners, and report on application risk in a way that makes it easy to understand across business functions, from procurement, to legal, to software engineering.
    Store SBOMs from any source to create your own SBOM repository that you can continuously review and manage, ensuring complete visibility and control
  • Enhanced Compliance: Stay ahead of global regulations with tools designed to ensure continuous compliance, reducing the risk of penalties and reputational damage.
  • Advanced Security: Proactively identify and mitigate vulnerabilities within the software supply chain, enhancing your security posture and protecting against potential breaches.
  • Strategic Advantage: Leverage Sonatype’s superior data and deep expertise in SBOMs and component scanning to gain a competitive edge in software security and compliance.
  • Optimize Efficiency: Sonatype SBOM Manager significantly reduces the manual effort and complexity involved in handling SBOMs by automating SBOM generation, management, and monitoring. It also helps prioritize what issues need to be addressed first directly in the workflow.

Initially available as a SaaS solution, on-premise and air-gapped versions will be available in the fall of 2024.

Currently available for preview, the Sonatype SBOM Manager will be generally available in June 2024.

Portnox now delivers a unified solution for zero trust access control

Previous article

New State of eBPF Report highlights evolution of eBPF technology 

Next article