Explore ReversingLabs Software Supply Chain Security's New Secrets Capabilities
LEARN MORE
Forrester Report: The Software Composition Analysis Landscape, Q1 2023 
LEARN MORE
eBook: Why Traditional App Sec Testing Fails on Supply Chain Security
READ NOW

SBOMs: Your Software Ingredient List Knowing what is in your software package is the first step in securing your software supply chain. Get your free Software Bill of Materials (SBOM) report now.

Get Free SBOM Report & Analysis
SBOM Facts

Why you need an SBOM

Comply with the Executive Order, and Get Ahead of Demand

In September of 2022, the White House Office of Management and Budget (“OMB”) published memo M-22-18 directing federal agencies to adopt guidelines that NIST developed in response to Executive Order 14028 for Improving the Nation’s Cybersecurity. The memo makes clear that SBOMs are the preferred method for demonstrating conformance with the NIST secure software development practices. Plus, more companies in the private sector are expected to require them.

Learn More About SBOMs

STEP ONE

sbom-what-it-is-and-why-it-matters

SBOM: What it is — and why it matters for software supply chain security

Get Started

GET AHEAD

Gartner expects SBOM adoption to go from 5% to 60% in 2025

Gartner explains why SBOMS will be a competitive advantage

Read Blog Post

ANALYSIS

White House memo requires software supply chain security, pushes for SBOMs

White House memo requires software supply chain security, pushes for SBOMs

Read Blog Post

Watch Your Diet

SBOM Facts: Know what's in your software to fend off supply chain attacks

SBOM Facts: Know what's in your software to fend off supply chain attacks

Read Blog Post

TAKE ACTION

Securing-the-Software-Supply-Chain-report

Enduring Security Framework's software supply chain guidelines: Fed roadmap now includes SBOMs

Read Blog Post

Special Report

Survey-blog2

Software supply chain security top of mind — but detection lags. How SBOMs can help

Read Special Report

What Is an SBOM? A List of Ingredients

A Software Bill of Materials is a listing of all components and dependencies in an application. While SBOMs are not a new invention, their use has been limited to date. Even today, the process for assembling SBOMs is often manual and their audience has historically been internal development teams, not external customers and auditors looking to secure their software supply chains. This change means that modern SBOMs must be comprehensive, accurate, and cover the entire dependency hierarchy to deliver value.
With ReversingLabs, See Components Others Miss

With ReversingLabs, See Components Others Miss

SBOMs must uncover all components, regardless of source, type or whether it is embedded, compressed or encoded. Component lists generated by automated build systems are rarely comprehensive enough to be useful SBOMs, since there are ways to add components to code, containers, installers or commercial libraries without declaring them on build or package manifests.

Dig Deeper Into Dependencies

Dig Deeper Into Dependencies

Your software relies on components (internally developed, open source, proprietary), which rely on components, which rely on still more components. To be effective, SBOMs need to capture this entire hierarchy - the trunk and every branch and leaf. Without dependency depth, your response to newly reported software supply chain vulnerabilities will be incomplete and needlessly time consuming.

Verify Component Accuracy

Verify Component Accuracy

Each component in the software you use should be what the SBOM says it is. Verification checks are needed to ensure no misleading or missing information about the software publisher, product, or its version is overlooked, which could complicate future vulnerability matching.

What to Expect

icon-submit-and-analyze

Submit

Complete the form to submit your software package for us to analyze.

Receive

Receive

We’ll email your SBOM, a detailed supply chain threat analysis report, and a link to schedule your review session.

Review

Review

Our experts will go over the findings, explain how your SBOM matches with new guidelines, and provide recommendations to simplify conformance reporting.

Gartner

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.