What is an SBOM (Software Bill of Materials)?

Panoptica Team
Monday, Dec 5th, 2022

Understand why SBOMS are vital as part of covering your cloud estate and better securing your environments.

What is an SBOM?

SBOM or the Software Bill of Materials is the inventory package that comprises the different software components and metadata that make up a software product. The need for an SBOM was codified in a bill approved in September 2022, by the US Senate Homeland Security and Governmental Affairs Committee which aims to “improve the visibility, accountability, and oversight of agency software asset management practices.

Essentially, the SBOM aims to streamline organizations’ use of third-party software components and better ensure their security to avoid software supply chain compromises.

Putting the SBOM into Practice in Your Cloud

SBOM Coverage of Your Cloud with Panoptica

We are excited to announce a new feature for SBOM inventory for workloads scanned by our agentless workload scanning across AWS, Azure, and GCP. The relevant workloads are EC2 Instances (AWS), Virtual Machines (Azure), and Compute Engines (GCP).

Panoptica's new capability is collecting the SBOM from every workload's filesystem scanned. The packages are tracked over time and correlated with their relevant discovered vulnerabilities (CVEs).

The SBOM is available as an additional tab on the asset page in our Dashboard for the scanned workload. They can be searched through the tab search panel or exported in a CycloneDX JSON Format.

OWASP CycloneDX is a lightweight SBOM standard designed for use in application security context and supply chain component analysis.

SBOM Coverage of Your Cloud with Panoptica

Clicking "Show More" will display the correlated vulnerabilities (CVEs)

Panoptica’s Cloud Native Application Protection Platform (CNAPP) provides real-time insights into risks across your entire cloud environment, scanning your multi-account and multi-cloud environments for complete visibility of your cloud estate.

Panoptica’s agentless solution provides complete asset inventory and details the critical vulnerabilities discovered, using the Attack Path Engine at the core of its technology, to surface the most critical risks, and offer dynamic remediation recommendations.

Popup Image