Cloudsmith now automatically generates SBOMs during package synchronization of container images. This produces a CycloneDX-format SBOM, accessible via the API, and significantly speeds up container image re-scan times.
What are SBOMs?
SBOMs (or Software Bill of Materials) serve as an inventory of the components that make up a software package. Expressed in an open standard format, an SBOM records dependencies, version numbers, licenses and checksums. By providing key insights into software composition, SBOMs help to identify vulnerability exposure and to demonstrate licensing and security compliance. SBOMs can be generated from source code, at build time, at runtime, from a binary or from a container image, depending on your use case.
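As an added illustration (not Cloudsmith's own code or API), here is a small Python consumer of a CycloneDX JSON SBOM that applies the two checks the paragraph above motivates: a license allowlist and the presence of checksums for every component. The SBOM document is constructed inline rather than fetched, and the allowlist is a hypothetical policy.

```python
import json
# Constructed CycloneDX 1.5 document standing in for an SBOM fetched from the
# registry API (the fetch itself is not shown). Sample data, not a real image.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.2",
         "purl": "pkg:deb/ubuntu/openssl@3.0.2?arch=amd64",
         "licenses": [{"license": {"id": "Apache-2.0"}}],
         "hashes": [{"alg": "SHA-256", "content": "a" * 64}]},
        {"type": "library", "name": "leftpad", "version": "0.1.0",
         "purl": "pkg:npm/leftpad@0.1.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "mystery", "version": "2.1",
         "purl": "pkg:generic/mystery@2.1"},
    ],
})

ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # hypothetical policy

def load_cyclonedx(text):
    """Parse a CycloneDX JSON document and reject anything that is not one."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom

def component_licenses(comp):
    """Collect SPDX ids (or free-text names) from a component's 'licenses' array."""
    lics = (e.get("license", {}) for e in comp.get("licenses", []))
    return {l.get("id") or l.get("name") or "UNKNOWN" for l in lics}

def review_sbom(text, allowed=ALLOWED_LICENSES):
    """Return findings keyed by purl: license policy violations and missing checksums.
    The purl keys are what you would feed to a vulnerability database lookup."""
    findings = {}
    for comp in load_cyclonedx(text).get("components", []):
        key = comp.get("purl") or f"{comp['name']}@{comp.get('version', '?')}"
        issues, lics = [], component_licenses(comp)
        if not lics:
            issues.append("no license declared")
        elif lics - allowed:
            issues.append("disallowed license: " + ", ".join(sorted(lics - allowed)))
        if not any(h.get("alg") == "SHA-256" for h in comp.get("hashes", [])):
            issues.append("no SHA-256 checksum")
        if issues:
            findings[key] = issues
    return findings
```

Running `review_sbom(SAMPLE_SBOM)` flags the two components that fail policy and leaves the fully described openssl entry alone.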
With this addition, Cloudsmith now supports:
Storing, distributing, and verifying customer-provided SBOMs for container images.
Generating SBOMs for container images during package synchronization.
Storing and distributing SBOMs for Maven packages.
Check out SBOMs to learn more and to get started today.